Hi, I have tested the SSL handshake, but it is failing when verifying the server certificate with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. I generated the self-signed CA and used the same CAcert to verify using openssl verify and also using openssl s_client -verify 1 -CAfile, and it seems to be working perfectly OK.
Since I don't have a file system on the embedded platform, I cannot use SSL_CTX_load_verify_locations(). I have converted the CAcert file from base64 format to a C structure using the openssl utility and I am calling SSL_CTX_use_certificate(ctx,x). Still I see that there is an error somewhere. I tried calling SSL_CTX_add_extra_chain_cert, but it did not help. Can anyone let me know what's wrong in my code?

    unsigned char CA_cert[811]={
    0x30,0x82,0x03,0x27,0x30,0x82,0x02,0x90,0xA0,0x03,0x02,.....};

    void ssl_client (void)
    {
        SSLeay_add_ssl_algorithms();
        meth = SSLv3_client_method();
        SSL_load_error_strings();
        ctx = SSL_CTX_new (meth);
        SSL_CTX_set_cipher_list(ctx,SSL3_TXT_RSA_RC4_40_MD5);
        {
            X509 *x=NULL;
            unsigned char* c;

            /* load our CA cert into the certificate chain */
            c = CA_cert;
            x = d2i_X509(NULL,&c,(long) sizeof(CA_cert));
            if( x == NULL ){
                goto end;
            }
            if(!SSL_CTX_add_extra_chain_cert(ctx,x)){
                goto end;
            }
            socket(..);
            .
            .
            SSL_connect()
            .
            /* verify the server certificate */
            err = SSL_get_verify_result(ssl);
            .
    }

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]