Hi,
I have a small program similar to FTP running on Solaris 2.6 and Windows NT.
It was working fine
until I replaced my 40-bit Verisign certificate with a 128-bit Global Secure
ID. Now I get the following error
messages:
[Server]
SSL_accept failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert
bad certificate Error No: 0
[Client]
SSL_connect failed: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Error No: -1
The relevant part of the program follows; I am using SSLeay 0.9.0b:
/*
 * Excerpt: one-time SSL library setup and SSL_CTX configuration, built as
 * either the client or the server variant. The enclosing function's
 * signature and its closing lines are not part of this excerpt.
 */
/* Load human-readable error strings and register the SSL algorithms. */
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
/*
 * Both variants pin the connection to SSL 3.0 only.
 * NOTE(review): when CLIENT is undefined and SERVER does not evaluate to
 * non-zero, nothing is assigned to ssl_method here. SSL 3.0 is a deprecated
 * protocol version; a current build should negotiate TLS instead.
 */
#ifdef CLIENT
ssl_method = SSLv3_client_method();
#elif SERVER
ssl_method = SSLv3_server_method();
#endif
if (ssl_method == NULL) {
lprintf(stderr, "Failed to set SSL Protocol Method: %s\n",
ERR_error_string(ERR_get_error(), NULL));
return (1);
}
/* The context holds the settings shared by every SSL handle created from it. */
ctx = SSL_CTX_new(ssl_method);
if (ctx == NULL) {
lprintf(stderr, "Failed to create SSL context: %s\n",
ERR_error_string(ERR_get_error(), NULL));
return (1);
}
/* Quiet shutdown: SSL_shutdown() will not send a close_notify alert. */
SSL_CTX_set_quiet_shutdown(ctx, 1);
/* SSL_OP_ALL turns on the library's peer-bug workaround options. */
SSL_CTX_set_options(ctx, SSL_OP_ALL);
/*
 * NOTE(review): the brace opened on the next line has no matching close in
 * this excerpt, so it is unclear whether the CA, verify and key setup below
 * is meant to run only when a cipher list is given - confirm against the
 * full source. The return value of SSL_CTX_set_cipher_list() is not checked.
 */
if (ciphers) {
SSL_CTX_set_cipher_list(ctx, ciphers);
/*
 * Trust anchors used to verify the peer certificate.
 * NOTE(review): a peer certificate issued under a different root, or through
 * an intermediate CA, verifies only if the whole chain can be built from
 * CAfile/CApath (or the peer sends the intermediate). Confirm the trust
 * store on each side covers the chain of the certificate in use.
 */
if (SSL_CTX_load_verify_locations(ctx, CAfile, CApath) != 1) {
lprintf(stderr, "Failed to load CA files: %s\n",
ERR_error_string(ERR_get_error(), NULL));
SSL_CTX_free(ctx);
return 1;
}
/* Also consult the library's compiled-in default CA file and directory. */
if (SSL_CTX_set_default_verify_paths(ctx) != 1) {
lprintf(stderr, "Failed to set verify paths: %s\n",
ERR_error_string(ERR_get_error(), NULL));
SSL_CTX_free(ctx);
return 1;
}
/*
 * Require and verify a peer certificate. The NULL callback means the
 * library's own verification result decides the handshake, and there is no
 * application hook that could log which certificate or chain depth failed.
 * NOTE(review): per the OpenSSL documentation SSL_VERIFY_CLIENT_ONCE and
 * SSL_VERIFY_FAIL_IF_NO_PEER_CERT only have an effect in server mode.
 */
SSL_CTX_set_verify(ctx, SSL_VERIFY_CLIENT_ONCE |
SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
NULL);
/*
 * Select the private-key passphrase callback according to whether keyPass
 * was supplied; both callbacks are defined outside this excerpt.
 */
if (keyPass==NULL)
SSL_CTX_set_default_passwd_cb(ctx, keyCallbackFile);
else
SSL_CTX_set_default_passwd_cb(ctx, keyCallback);
/* set_cert_stuff() is not shown; a non-zero return is treated as failure. */
if (set_cert_stuff(ctx, certFile, keyFile)) {
lprintf(stderr, "Failed to setup own Cert/Key\n");
SSL_CTX_free(ctx);
return (1);
}
/*
 * NOTE(review): unlike the error paths above, this one returns without
 * calling SSL_CTX_free(ctx).
 */
if (keyPass==NULL) {
if (changePassword()) {
lprintf(stderr,"Failed to change password\n");
return 1;
}
}
.................
/*
 * Excerpt: create the per-connection SSL handle on socket sd and run the
 * handshake as client or server. The surrounding code is not shown.
 */
ssl = SSL_new(ctx);
if (ssl == NULL) {
lprintf(stderr, "Failed to create SSL handle: %s\n",
ERR_error_string(ERR_get_error(), NULL));
SSL_CTX_free(ctx);
return (1);
}
/* NOTE(review): the return value of SSL_set_fd() is not checked. */
SSL_set_fd(ssl, sd);
/*
 * Handshake. A result <= 0 is treated as failure and the first queued
 * library error is logged together with the raw return value.
 * NOTE(review): when the failure is a certificate verification error,
 * SSL_get_verify_result(ssl) would give the specific X509 verify code, which
 * the generic error string does not. Both failure paths call SSL_shutdown()
 * on a handshake that did not complete and return without SSL_CTX_free(ctx);
 * confirm ctx is released by the caller. Only the client path also shuts
 * down the socket.
 */
#ifdef CLIENT
err = SSL_connect(ssl);
if (err <= 0) {
lprintf(stderr, "SSL_connect failed: %s Error No: %d\n",
ERR_error_string(ERR_get_error(), NULL), err);
SSL_shutdown(ssl);
SSL_free(ssl);
/* 2 closes the socket for both reading and writing. */
shutdown(sd, 2);
return (1);
}
#elif SERVER
err = SSL_accept(ssl);
if (err <= 0) {
lprintf(stderr, "SSL_accept failed: %s Error No: %d \n",
ERR_error_string(ERR_get_error(), NULL), err);
SSL_shutdown(ssl);
SSL_free(ssl);
return (1);
}
#endif
....................
If anybody here knows the reason, kindly let me know. Thanks in advance!
Zhong Gang