Hi, I am trying to create an SSL connection to a remote server using OpenSSL in Visual C++ (Visual Studio-2008, Win-7). I am getting the following errors. Please let me know what this error indicates and how it can be rectified.
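Please reply me on my email address as well, because I asked one question few weeks back and I never saw its reply until today when I was searching for this new problem.
Thank you.
Kind Regards,
Hamid Shahid

//=========================================
// Error Log
//=========================================
.... Establishing SSL Connection ....
Socket bound with server
Starting SSL HandShake on tcp connection
SSL error # 1 in accept, program terminated 0
12256:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:.\ssl\s3_clnt.c:984:

//=========================================
// Code
//=========================================

// Opens a TCP connection to serverIP:serverPort and runs the client-side
// TLS handshake over it, using the context prepared by LoadCertificates().
//
// serverIP   - dotted-quad IPv4 address of the server (parsed by inet_addr).
// serverPort - decimal TCP port number.
//
// Returns 1 when the handshake completes and -1 on any failure.
//
// ctx, myssl, socketfd, socketaddr and err are declared outside this
// excerpt (presumably class members -- confirm against the class).
ConnectSSL(string serverIP, string serverPort)
{
    m_serverIP = serverIP;
    m_serverPort = serverPort;
    std::cout<<".... Establishing SSL Connection .... \n";

    // Fill in the server address. Reject input that does not parse, so the
    // client never connects to INADDR_NONE or to a truncated port number.
    const unsigned long serverAddr = inet_addr(m_serverIP.c_str());
    const int port = atoi(m_serverPort.c_str());
    if (serverAddr == INADDR_NONE || port <= 0 || port > 65535)
    {
        std::cout<<"Invalid server address or port: "<<m_serverIP<<":"<<m_serverPort<<"\n";
        return -1;
    }
    memset(&socketaddr,0, sizeof(socketaddr));
    socketaddr.sin_family = AF_INET;
    socketaddr.sin_addr.s_addr = serverAddr;
    socketaddr.sin_port = htons(static_cast<unsigned short>(port));
    std::cout<<"Socket bound with server \n";

    myssl=SSL_new(ctx); // Create new ssl object
    if(!myssl)
    {
        std::cout<<"Error creating SSL Object, error # "<<GetLastError()<<"\n";
        ERR_print_errors_fp(stderr);
        return -1;
    }

    // NOTE(review): every failure path below leaves myssl allocated (the
    // SSL_free calls are commented out). Confirm that whoever owns myssl and
    // ctx releases them, otherwise each failed attempt leaks an SSL object.

    err = connect(socketfd,(SOCKADDR *)&socketaddr,sizeof(SOCKADDR_IN)); // Connect to the server on TCP/IP layer
    if(err<0)
    {
        std::cout<<"Error creating connection on Tcp/ip socket, error # "<<GetLastError()<<"\n";
        ERR_print_errors_fp(stderr);
        //SSL_free(myssl);
        //SSL_CTX_free(ctx);
        return -1;
    }

    std::cout<<"Starting SSL HandShake on tcp connection\n";
    // Bind the socket to the SSL object; SSL_set_fd returns 0 on failure.
    if (SSL_set_fd(myssl,(int)socketfd) != 1)
    {
        std::cout<<"Error binding socket to SSL object\n";
        ERR_print_errors_fp(stderr);
        closesocket(socketfd);
        return -1;
    }

    err=SSL_connect(myssl); // Connect to the server, SSL layer

    // Check for error in SSL connection
    if (err<1)
    {
        err=SSL_get_error(myssl,err);
        // The message says "accept", but this is the client-side SSL_connect.
        std::cout<<"SSL error # "<<err<<" in accept, program terminated "<<GetLastError()<<"\n";
        ERR_print_errors_fp(stderr);

        // "certificate verify failed" (14090086) means the server's
        // certificate chain could not be validated against the CAs loaded
        // with SSL_CTX_load_verify_locations(). Print the exact reason
        // (unknown issuer, expired, self-signed, ...) so the trust store can
        // be corrected. The fix is to load the CA certificate that issued
        // the server's certificate, not to turn SSL_VERIFY_PEER off.
        const long verifyResult = SSL_get_verify_result(myssl);
        if (verifyResult != X509_V_OK)
        {
            std::cout<<"Certificate verification failed: "<<X509_verify_cert_error_string(verifyResult)<<" (code "<<verifyResult<<")\n";
        }

        if(err==SSL_ERROR_SYSCALL) // value 5: failure reported by the socket layer
        {
            std::cout<<"SockErr - LastError is: "<<err<<", "<<GetLastError();
            ERR_print_errors_fp(stderr);
        }
        closesocket(socketfd);
        //SSL_free(myssl);
        //SSL_CTX_free(ctx);
        return -1;
    }

    // NOTE(review): SSL_VERIFY_PEER validates the certificate chain only.
    // Nothing in the code shown compares the name in the server certificate
    // with the server that was dialled, so any certificate issued by a
    // trusted CA is accepted. Check the peer certificate's subject name
    // before sending data.

    //Printing out connection details, when a connection is created
    cout<<"SSL connection on socket: "<<socketfd<<", Version: "<<SSL_get_version(myssl)<<", Cipher: "<<SSL_get_cipher(myssl)<<"\n";
    return 1;
}
//=========================================

// Loads the client certificate, its private key and the trusted CA list
// into ctx, then turns on verification of the server certificate.
//
// Returns nothing: every failure is only printed, so the caller cannot tell
// from this function whether ctx is usable.
// NOTE(review): consider recording the outcome (for example in a member
// flag) so ConnectSSL() is not attempted with a half-configured context.
LoadCertificates()
{
    std::cout<<".... Loading Certificates .... \n";
    cout<<"Accessing CERT_FILE : "<<m_certFileName.c_str()<<"\n";

    // Indicate the certificate file to be used
    if (SSL_CTX_use_certificate_file(ctx, m_certFileName.c_str(), SSL_FILETYPE_PEM) <= 0)
    {
        std::cout<<"Error setting the certificate file, error # "<<GetLastError()<<"\n";
        ERR_print_errors_fp(stderr);
        return;
    }
    std::cout<<"~~Certificate file loaded~~\n";

    std::cout<<"setting the password for the Private Key\n";
    // Setting the password for the Private Key. Only the pointer is stored
    // in ctx, so m_privKeyPassword has to stay alive and unmodified until
    // the key has been read below.
    SSL_CTX_set_default_passwd_cb_userdata(ctx, const_cast<char *>(m_privKeyPassword.c_str()));

    std::cout<<"Accessing PrivateKey_file :"<< m_certPrivKeyFileName.c_str()<<"\n";
    // Indicate the key file to be used
    if (SSL_CTX_use_PrivateKey_file(ctx, m_certPrivKeyFileName.c_str(), SSL_FILETYPE_PEM) <= 0)
    {
        std::cout<<"Error loading the private key, error # "<<GetLastError()<<"\n";
        ERR_print_errors_fp(stderr);
        return;
    }
    std::cout<<"~~Certificate PrivateKey_file loaded~~\n";

    // Make sure the key and certificate file match
    if (SSL_CTX_check_private_key(ctx) == 0)
    {
        std::cout<<"Private key does not match the certificate public key, error # "<<GetLastError()<<"\n";
        ERR_print_errors_fp(stderr);
        return;
    }
    std::cout<<"~~Certificate and private key matched~~\n";

    std::cout<<"Accessing Trusted CAs file : "<<m_trustedCAFileName.c_str()<<"\n";
    // Set the list of trusted CAs based on the file and/or directory provided.
    // This file (or CA_DIR) must hold, in PEM format, the CA certificate(s)
    // that issued the server's certificate. If the issuer is missing, the
    // handshake fails with "certificate verify failed".
    if (SSL_CTX_load_verify_locations(ctx, m_trustedCAFileName.c_str(), CA_DIR) < 1)
    {
        std::cout<<"Error setting verify location, error # "<<GetLastError()<<"\n";
        ERR_print_errors_fp(stderr);
        return;
    }
    std::cout<<"~~CAs file loaded~~\n";

    // Require a verifiable server certificate. With SSL_VERIFY_PEER set on a
    // client, the handshake is aborted when chain validation fails.
    SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); // Set for server verification
    std::cout<<".... Certificates loaded .... \n\n";
}
//=========================================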