Got X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY when there was a root in the store.
I created a self-signed certificate and used it to sign a server's certificate. I put the root in the client's store, using a custom X509_LOOKUP, overriding the get_by_subject() method. I see that I'm indeed returning the correct certificate in the return object from get_by_subject() and also a return value of X509_LU_X509. I also compared the issuer name of the server certificate and the subject name of the root certificate by printing them using X509_NAME_print_ex(). But what seems to be failing is X509_NAME_cmp(). I saw that the canon_enclen values of the root and server differed by 12 bytes. To be clear, I'm getting the server certificate (which the server loads from a PEM file) during the SSL handshake, while the root certificate was loaded from a DER file. I'm also attaching the certificates in question. The password for the Server.pem file is 'particle'. Any clues?

Attachments: ServerRoot.pem, Server.der, Server.pem, ServerRoot.der
Re: DTLS new testing ways
I listened to your email using DriveCarefully and will respond as soon as I can. Download DriveCarefully for free at www.drivecarefully.com

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: DTLS new testing ways
Hi Sebastian,

On Jan 17, 2011, at 4:12 PM, Sebastian Proca wrote:

> It's strange for me how it comes that, depending on the specified arguments, I
> get two different errors:
>
> I case :
>
> # ./dtls_udp_echo 127.0.0.1
> SSL_connect: Connection refused
> error::lib(0):func(0):reason(0)
> Unexpected error while writing: 5
> error::lib(0):func(0):reason(0)
>
> II case :
>
> # ./dtls_udp_echo -p 23232 -V 127.0.0.1
> SSL_connect: Connection refused
> error::lib(0):func(0):reason(0)
>
> Connected to 127.0.0.1
>
> Segmentation fault
>
> Wireshark shows the beginning of DTLS negotiation, but it's clear that after
> these errors, it stops.
>
> Does someone know the correct usage of this sample? I'm out of ideas!

You probably don't have a server running. Use:

./dtls_udp_echo

without any parameters to start a server listening on all available addresses. You can then start a client with:

./dtls_udp_echo 127.0.0.1

All of the examples listed on our website are both server and client. If you specify an address on the command line, it will use it to start a client which connects to it. Otherwise, without an address it will start a server and listen for incoming connections.

Best regards
Robin