This is a collection of reports about email delivery process concerning a message you originated:

<smtp ipebio15.ise.pw.edu.pl [EMAIL PROTECTED] 1284>: ...\
  expired after 3 days, problem was:
  smtp; 500 (connect to ipebio15.ise.pw.edu.pl [194.29.161.106|25|194.29.160.2|55198]: Connection timed out)

Following is a copy of MESSAGE/DELIVERY-STATUS format section below. It is copied here in case your email client is unable to show it to you. The information here below is in Internet Standard format designed to assist automatic, and accurate presentation and usage of said information. In case you need human assistance from the Postmaster(s) of the system which sent you this report, please include this information in your question!

Virtually Yours,
Automatic Email delivery Software

Reporting-MTA: dns; elektron.elka.pw.edu.pl
Arrival-Date: Thu, 19 Jul 2001 23:10:28 +0200

Original-Recipient: rfc822;[EMAIL PROTECTED]
Final-Recipient: RFC822;[EMAIL PROTECTED]
Action: failed
Status: 5.4.1 (TCP/IP-connection failure)
Diagnostic-Code: smtp; 500 (connect to ipebio15.ise.pw.edu.pl [194.29.161.106|25|194.29.160.2|55198]: Connection timed out)
Remote-MTA: dns; ipebio15.ise.pw.edu.pl (194.29.161.106|25|194.29.160.2|55198)
Last-Attempt-Date: Mon, 23 Jul 2001 08:39:39 +0200

Hi, all.

To test my sample SSL client program, I created two different CA files from two different Linux machines. One from the SSL server machine (with the CA.pl -newca command) - the right one, and another one from a different machine (with the same CA.pl -newca command) - the false one for the testing.

My purpose was to load these two different CA files into the remote client program to see if the client code can determine there's an error during the handshake when I ran the client code with the false one.

I used the following two methods to verify the error:

    if (!SSL_CTX_load_verify_locations(ctx,"cacert.pem",".")) {
        printf("Error, no verification for CA!\n");
        exit(5);
    }
    if (!SSL_CTX_set_options(ctx,SSL_VERIFY_PEER)) {
        printf("Error. CERT Error!\n");
        exit(6);
    }

But surprisingly this client code worked fine with either CA file, whether it is the right one or the false one. :(

Okay, so I tried a different approach. Instead, I used the following command and tested again (the my_callback function used in SSL_CTX_set_verify is just my own callback function that prints out an error message):

    if (!SSL_CTX_load_verify_locations(ctx,"cacert.pem",".")) {
        printf("Error, no verification for CA!\n");
        exit(5);
    }
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, &my_callback);

This time? Both of the CA files caused the 'my_callback' function to be called, which shouldn't be called with the right CA file. And the error message was 'selfsigned certificate'. Both of the CA files are causing the same result!

Now it's very puzzling to me. What did I miss here? I created the CA files with the 'CA.pl -newca' command and didn't do any other thing.

I'd very much appreciate it if you could help me on this.

Thanks in advance.

/Best Regards,
Sejin.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
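
One way to check a "right" and a "false" CA file independently of the client code, added here as an example that is not part of the original post: it builds two unrelated test CAs, issues a server certificate from one, and verifies that certificate against each CA file. It assumes the `openssl` command-line tool (`req`, `x509`, `verify`) in place of `CA.pl -newca`, and every file name and subject name in it is constructed.

```shell
#!/bin/sh
# Added example; every file name and subject name here is constructed.

make_ca() {            # $1 = file prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_cert() {         # $1 = CA prefix, $2 = output prefix
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# Print "ok" when certificate $2 chains to CA file $1, otherwise the
# first verification error line that openssl reports.
check_chain() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case $out in
        *": OK") echo ok ;;
        *) printf '%s\n' "$out" | sed -n '/^error [0-9]/{p;q;}' ;;
    esac
}

demo() {
    dir=$(mktemp -d) && cd "$dir" || return 1
    make_ca right "Right Test CA" && make_ca wrong "Wrong Test CA" &&
        issue_cert right server || return 1
    echo "server cert vs right CA: $(check_chain right.pem server.pem)"
    echo "server cert vs wrong CA: $(check_chain wrong.pem server.pem)"
    # A self-signed certificate checked as if it were the peer certificate:
    echo "self-signed vs wrong CA: $(check_chain wrong.pem right.pem)"
}

demo
```

The third check shows the verification error OpenSSL reports when the certificate being verified is itself self-signed and is not in the CA file.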