Re: error set to X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY

Tue, 23 May 2000 19:02:54 -0700 

sanjay reddy gogula wrote:
> 
> Hi All,
> 
> I am facing strange problems in authentication of server certificate.
> 
> I have stored the certificate (the same one which I have installed on
> the server)  in a file ( certificate is PEM format) . I have loaded this
> certificate using:
> 
> if ((!SSL_CTX_load_verify_locations(ssl_ctx,CAfile,CApath)) ||
>      (!SSL_CTX_set_default_verify_paths(ssl_ctx)))
> {
>         //Error
> }
> 
> In the call back function verify_callback(), when
> X509_STORE_CTX_get_error() is used to get the error condition, error
> case that is indicated is X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY.
> I could not understand the problem?
> 
> Can someone, please, help me in pointing out what could the problem be?
> 
> Here is the stack trace till the verify_callback (if this could be
> useful to you)
> ------------
> main()
> webclient()
> ssl23_connect()
> ssl23_get_server_hello()
> ssl3_connect()
> ssl3_get_server_certificate()
> ssl_verify_cert_chain()
> sslcert_do_verify_cb()
> 
> --------------------
> 
> I shall be very thankful if some one could give some suggestions, which
> might help in solving this problem.
> 
> TIA
> Sanjay
> **************************************************************
> G.Sanjay Reddy
> Systems Manager
> Account BSI, Telecom
> Wipro Technologies
> Survey No 64;Serilingampalli Mandal;
> Madhapur Village;R.R District;
> Hyderabad - 500033
> Tel(Off): 091-040-6565515
> Tel(Res): 091-040-7502643
> Fax     : 091-040-3110042
> E-mail:[EMAIL PROTECTED]
> www.wipro.com
> The World's First SEI CMM Level 5 Software Services Company
> **************************************************************
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]


I have used X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT instead of
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and it worked fine. Try
this one instead. 

I am guessing that this errors means that the certificate of 
your CA can not be verified. Because your CA cert is actually a 
self-signed cert.

___________________________________________________________________
Houman Ghaemi                       www.stormix.com     
Software Developer                  Tel: (604) 688-9137
email: [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to