Hi, I have a problem with the openssl s_server (v1.0.1c) when requesting a client certificate. I'm developing my own TLS 1.2 implementation (for embedded platforms), and I'm stuck with a problem with using the client certificate. I already implemented TLS 1.0 earlier, so it's not completely new for me, and it worked fine even with client certificates. My current implementation can handle TLS 1.2 handshakes without client authentication, as well as TLS 1.0 with or without client authentication. When I try to connect to the openssl server, the handshake goes as far as the client having sent its messages up to (including) 'change cipher spec'. But then the server sends an alarm (decrypt error). The openssl server console tells me some strange error:
ACCEPT bad gethostbyaddr depth=1 CN = TestAndDevRootAuthority verify return:1 depth=0 CN = MyClient verify return:1 1696:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:.\crypto\asn1\asn1_lib.c:142: 1696:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:.\crypto\asn1\tasn_dec.c:1306: 1696:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:381:Type=X509_SIG 1696:error:1408807B:SSL routines:SSL3_GET_CERT_VERIFY:bad signature:.\ssl\s3_srvr.c:3049: 1696:error:140780E5:SSL routines:SSL23_READ:ssl handshake failure:.\ssl\s23_lib.c:131: ACCEPT I'm most confused by the ASN1 errors. I debugged the openssl server beginning at the function ssl3_get_cert_verify() and through some functions to pkey_rsa_verify(). Here I found a call of RSA_verify() that never called this function but always called CMS_RecipientInfo_type(). That seems to be so wrong, and I don't understand why this function call is misguided. Why does is call the wrong function? Any ideas? I build the openssl.exe using the batch file to build openssl with Visual Studio 2010. I'd be pleased for any hint. Regards, Thorsten Albers