Good day, I'm using the attached code to connect to a server. This worked perfectly until I had to exchange the certificate, which now needs two additional intermediate certs. All certs are merged within one file. The code can handle certificate chains, as it is able to connect to another server with the same certificate.
I tried to connect to the server with my new certificate using openssl and it works fine:

openssl s_client -connect the.server.net:700 -cert myCert.pem -CApath mycapath

Summary:

a.) myCode + myCert -- can connect to ----> server A
b.) myCode + myCert -- can't connect to --> server B
c.) openssl s_client + myCert -- can connect to ----> server A
d.) openssl s_client + myCert -- can connect to ----> server B

For b.) I found the following error:

3071740832:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1053:SSL alert number 42

----- <code> -----
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
ctx = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_load_verify_locations(ctx, NULL, "mycapath");
SSL_CTX_set_verify_depth(ctx, 5);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_use_RSAPrivateKey_file(ctx, "myCert.pem", SSL_FILETYPE_PEM);
SSL_CTX_use_certificate_chain_file(ctx, "myCert.pem");
ssl = SSL_new(ctx);
SSL_CTX_free(ctx);
SSL_set_fd(ssl, socket);
SSL_set_connect_state(ssl);
if((t = SSL_connect(tv->ssl)) > 0) {
    syslog(LOG_DEBUG, "SSL-connection successful.\n");
    return(1);
}
ERR_print_errors_fp(stderr);
----- </code> -----

To keep it readable I've removed the error-checking code. All paths (myCert, mycapath) are valid and accessible.

So, any idea why this doesn't work would be greatly appreciated.

- Alexandra

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org