I have client and server programs, which are modeled on
openssl s_server & s_client. I also have my own CA (VeriSign test OnSite). I
applied for certificates for both my server and client from this same test
CA. When I test with my own client and server programs, I get the
following errors, although the SSL connection can be established. When I test
with the openssl sample s_server and s_client, it works well and no errors are
found.
---- This is the log from my server side:
20000224131514:: *** INFO > SSL_accept:before/accept initialization
20000224131514:: *** INFO > SSL_accept:SSLv3 read client hello A
20000224131514:: *** INFO > SSL_accept:SSLv3 write server hello A
20000224131514:: *** INFO > SSL_accept:SSLv3 write certificate A
20000224131514:: *** INFO > SSL_accept:SSLv3 write certificate request A
20000224131514:: *** INFO > SSL_accept:SSLv3 write server done A
20000224131514:: *** INFO > SSL_accept:SSLv3 flush data
20000224131514:: *** ERROR > Certificate verify error: num = 20 : unable to get local issuer certificate
20000224131514:: *** ERROR > Certificate verify error: num = 21 : unable to verify the first certificate
20000224131514:: *** INFO > SSL_accept:SSLv3 read client certificate A
20000224131514:: *** INFO > SSL_accept:SSLv3 read client key exchange A
20000224131514:: *** INFO > SSL_accept:SSLv3 read certificate verify A
20000224131514:: *** INFO > SSL_accept:SSLv3 read finished A
20000224131514:: *** INFO > SSL_accept:SSLv3 write change cipher spec A
20000224131514:: *** INFO > SSL_accept:SSLv3 write finished A
20000224131514:: *** INFO > SSL_accept:SSLv3 flush data
I guess the error "unable to get local issuer
certificate" means my CA certificate isn't loaded, and the error "unable to verify
the first certificate" is generated when checking my server's certificate? Am I
right? I compared the code of my server with openssl s_server and found
no differences. I am sure the correct path/file name has been set for my CA
& server. What is the possible reason for it? Any advice?
Dennis
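
An added example, not part of the original post: a log triage script that groups lines in the format shown above per handshake and flags any handshake where the server still sent Finished after certificate verify errors were logged, i.e. the verification failure did not abort the connection. The second handshake in the sample and the names `triage` and `unverified_peer_accepted` are constructed for illustration.

```python
import re

# Constructed sample in the format of the server log above (wrapped lines re-joined).
SAMPLE_LOG = """\
20000224131514:: *** INFO > SSL_accept:before/accept initialization
20000224131514:: *** INFO > SSL_accept:SSLv3 write certificate request A
20000224131514:: *** ERROR > Certificate verify error: num = 20 : unable to get local issuer certificate
20000224131514:: *** ERROR > Certificate verify error: num = 21 : unable to verify the first certificate
20000224131514:: *** INFO > SSL_accept:SSLv3 read client certificate A
20000224131514:: *** INFO > SSL_accept:SSLv3 write finished A
20000224131520:: *** INFO > SSL_accept:before/accept initialization
20000224131520:: *** INFO > SSL_accept:SSLv3 read client certificate A
20000224131520:: *** INFO > SSL_accept:SSLv3 write finished A
"""

# OpenSSL's X509_V_ERR_* names for the two codes that appear in the log.
X509_NAMES = {20: "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
              21: "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE"}

LINE_RE = re.compile(r"^(\d{14}):: \*\*\* (INFO|ERROR) > (.*)$")
VERIFY_RE = re.compile(r"^Certificate verify error: num = (\d+) : (.*)$")

def triage(log_text):
    """Group log lines per handshake; flag handshakes finished despite verify errors."""
    handshakes = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a line in the expected format
        stamp, level, msg = m.groups()
        if msg == "SSL_accept:before/accept initialization" or not handshakes:
            handshakes.append({"start": stamp, "errors": [], "finished": False})
        hs = handshakes[-1]
        v = VERIFY_RE.match(msg) if level == "ERROR" else None
        if v:
            code = int(v.group(1))
            hs["errors"].append((code, X509_NAMES.get(code, "unmapped")))
        elif msg == "SSL_accept:SSLv3 write finished A":
            hs["finished"] = True  # server sent Finished: handshake went through
    for hs in handshakes:
        # Finished with errors logged means the failure did not abort the handshake.
        hs["unverified_peer_accepted"] = hs["finished"] and bool(hs["errors"])
    return handshakes

if __name__ == "__main__":
    for hs in triage(SAMPLE_LOG):
        print(hs["start"], hs["errors"], "ACCEPTED UNVERIFIED" if hs["unverified_peer_accepted"] else "ok")
```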