Hi,

I am trying to create an SSL connection to a remote server using OpenSSL in 
Visual C++ (Visual Studio-2008, Win-7). I am getting the following errors. 
Please let me know what this error indicates and how it can be rectified.

Please also reply to my email address, because I asked a question a few 
weeks back and never saw the reply until today, when I was searching for help 
with this new problem.

Thank you.
Kind Regards,
Hamid Shahid


//=========================================
//  Error Log
//=========================================
.... Establishing SSL Connection ....
Socket bound with server
Starting SSL HandShake on tcp connection
SSL error # 1 in accept, program terminated 0
12256:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate 
verify failed:.\ssl\s3_clnt.c:984:

//=========================================
//  Code
//=========================================

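// Connects to serverIP:serverPort over TCP and then runs the client side of
// the SSL handshake on that socket.
//
// Returns 1 when the handshake completes and -1 on any failure. On failure the
// SSL object created here is released, so a failed attempt no longer leaks it;
// ctx is left alone because it is not created in this function.
//
// Because the context is configured with SSL_VERIFY_PEER, SSL_connect() fails
// when the server certificate cannot be validated against the trusted CAs.
// That is the "certificate verify failed" line in the log above. The failure
// path therefore also prints the X509 verification result, which names the
// exact reason (unknown issuer, expired certificate, and so on). The remedy is
// to correct the trusted CA file or the server's chain, not to relax the
// verify mode.
//
// NOTE(review): a successful chain verification does not by itself show that
// the certificate was issued for the server being contacted; nothing in this
// function compares the certificate's names with the expected host.
// NOTE(review): the return type and class qualifier are not part of the posted
// listing; the signature line is kept exactly as posted.
ConnectSSL(string serverIP, string serverPort)
{
    m_serverIP = serverIP;
    m_serverPort = serverPort;

    std::cout << ".... Establishing SSL Connection .... \n";

    // Fill in the peer address, rejecting values that do not parse instead of
    // silently connecting to a bogus address or port.
    const unsigned long peerAddress = inet_addr(m_serverIP.c_str());
    const int peerPort = atoi(m_serverPort.c_str());
    if (peerAddress == INADDR_NONE || peerPort <= 0 || peerPort > 65535)
    {
        std::cout << "Invalid server address or port: " << m_serverIP << ":" << m_serverPort << "\n";
        return -1;
    }

    memset(&socketaddr, 0, sizeof(socketaddr));
    socketaddr.sin_family = AF_INET;
    socketaddr.sin_addr.s_addr = peerAddress;
    socketaddr.sin_port = htons(static_cast<unsigned short>(peerPort));
    std::cout << "Socket bound with server \n";

    // Create the per-connection SSL object from the shared context.
    myssl = SSL_new(ctx);
    if (!myssl)
    {
        std::cout << "Error creating SSL Object, error # " << GetLastError() << "\n";
        ERR_print_errors_fp(stderr);
        return -1;
    }

    // Connect to the server on the TCP/IP layer.
    err = connect(socketfd, reinterpret_cast<SOCKADDR *>(&socketaddr), sizeof(SOCKADDR_IN));
    if (err < 0)
    {
        std::cout << "Error creating connection on Tcp/ip socket, error # " << GetLastError() << "\n";
        ERR_print_errors_fp(stderr);
        SSL_free(myssl);
        myssl = NULL; // so later cleanup cannot free it a second time
        return -1;
    }

    std::cout << "Starting SSL HandShake on tcp connection\n";

    // Bind the socket to the SSL object; a failure here would otherwise only
    // surface as a confusing handshake error.
    if (SSL_set_fd(myssl, (int)socketfd) != 1)
    {
        std::cout << "Error binding socket to SSL Object, error # " << GetLastError() << "\n";
        ERR_print_errors_fp(stderr);
        closesocket(socketfd);
        SSL_free(myssl);
        myssl = NULL;
        return -1;
    }

    // Connect to the server on the SSL layer.
    err = SSL_connect(myssl);
    if (err < 1)
    {
        // SSL_get_error() has to run before the error queue is printed,
        // because printing the queue empties it.
        err = SSL_get_error(myssl, err);
        std::cout << "SSL error # " << err << " in accept, program terminated " << GetLastError() << "\n";
        ERR_print_errors_fp(stderr);

        // Report why certificate verification failed, if it did.
        const long verifyResult = SSL_get_verify_result(myssl);
        if (verifyResult != X509_V_OK)
        {
            std::cout << "Certificate verify result: " << verifyResult << " ("
                      << X509_verify_cert_error_string(verifyResult) << ")\n";
        }

        if (err == SSL_ERROR_SYSCALL)
        {
            std::cout << "SockErr - LastError is: " << err << ", " << GetLastError();
            ERR_print_errors_fp(stderr);
        }

        closesocket(socketfd);
        SSL_free(myssl);
        myssl = NULL; // so later cleanup cannot free it a second time
        return -1;
    }

    // Print the connection details once the handshake has completed.
    std::cout << "SSL connection on socket: " << socketfd << ", Version: " << SSL_get_version(myssl)
              << ", Cipher: " << SSL_get_cipher(myssl) << "\n";
    return 1;
}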

//=========================================

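// Configures ctx with the client's own certificate and private key, the list
// of trusted CAs, and peer verification.
//
// The certificate and key loaded first are this client's identity. They play
// no part in validating the server. The server certificate is checked only
// against the CAs loaded with SSL_CTX_load_verify_locations(). A
// "certificate verify failed" error during the handshake means the server's
// chain could not be validated against those CAs. The remedy is to make the
// trusted CA file (or CA_DIR) contain the issuer of the server certificate,
// not to relax the verify mode.
//
// Every failure path prints the OpenSSL error queue and returns early.
// NOTE(review): the function returns no status, so the caller cannot tell a
// partly configured ctx from a complete one. Confirm how callers handle that.
// NOTE(review): the return type and class qualifier are not part of the posted
// listing; the signature line is kept exactly as posted.
LoadCertificates()
{
    std::cout << ".... Loading Certificates .... \n";

    // Client certificate (PEM).
    std::cout << "Accessing CERT_FILE : " << m_certFileName.c_str() << "\n";
    if (SSL_CTX_use_certificate_file(ctx, m_certFileName.c_str(), SSL_FILETYPE_PEM) <= 0)
    {
        std::cout << "Error setting the certificate file, error # " << GetLastError() << "\n";
        ERR_print_errors_fp(stderr);
        return;
    }
    std::cout << "~~Certificate file loaded~~\n";

    // Private-key password. ctx stores only the pointer, so m_privKeyPassword
    // must not be modified or destroyed while ctx may still read the key.
    // The password itself is deliberately not logged.
    std::cout << "setting the password for the Private Key\n";
    SSL_CTX_set_default_passwd_cb_userdata(ctx, const_cast<char *>(m_privKeyPassword.c_str()));

    // Private key (PEM) belonging to the certificate above.
    std::cout << "Accessing PrivateKey_file :" << m_certPrivKeyFileName.c_str() << "\n";
    if (SSL_CTX_use_PrivateKey_file(ctx, m_certPrivKeyFileName.c_str(), SSL_FILETYPE_PEM) <= 0)
    {
        std::cout << "Error loading the private key, error # " << GetLastError() << "\n";
        ERR_print_errors_fp(stderr);
        return;
    }
    std::cout << "~~Certificate PrivateKey_file loaded~~\n";

    // Make sure the key and the certificate belong together.
    if (SSL_CTX_check_private_key(ctx) == 0)
    {
        std::cout << "Private key does not match the certificate public key, error # " << GetLastError() << "\n";
        ERR_print_errors_fp(stderr);
        return;
    }
    std::cout << "~~Certificate and private key matched~~\n";

    // Trusted CAs, taken from the file and/or directory provided. These are
    // what the server certificate is validated against.
    std::cout << "Accessing Trusted CAs file : " << m_trustedCAFileName.c_str() << "\n";
    if (SSL_CTX_load_verify_locations(ctx, m_trustedCAFileName.c_str(), CA_DIR) < 1)
    {
        std::cout << "Error setting verify location, error # " << GetLastError() << "\n";
        ERR_print_errors_fp(stderr);
        return;
    }
    std::cout << "~~CAs file loaded~~\n";

    // Require a verifiable server certificate. With SSL_VERIFY_PEER on the
    // client side the handshake is aborted when verification fails.
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);

    std::cout << ".... Certificates loaded .... \n\n";
}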

//=========================================
