On Tue, Apr 01, 2003, Avinash Agarwal wrote: > Hello all, > > > > I have a server implemented using openssl libs and a client which is > implemented using RSA libs. > > > > The handshake is failing and I get the following errors > > > > on the client : > > “ > > - Certificate chain didn't validate: Incomplete certificate > > - CA is Unknown CA > > SSL: Certificate validate failed -- Incomplete certificate > > SSL: Hand shaking failed -- Incomplete certificate. > > SSL: Client closing SSL connection > > “ > > > > on the server: > > “ > > 1653:error:140943E8:SSL > routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:985:SSL alert number 0 > > “ > > > > I also have another client implemented using openssl libs and the > handshake happens fine with the server. > > > > The point where its failing is where the client (with RSA libs) does a > check for verifying the cert chain. > > Its complains that its unable to get the CA-cert. > > > > Could anyone give me pointers on what could be the problem .. is there > some incompatibility between the two libs ? > > >
It looks like the client can't verify the servers certificate chain. If there are any intermediate certificates in the chain then the server should send those: you can use the s_client utility with -showcerts to see what it is sending. Also the client needs to trust the servers root CA if it doesn't already. You'll have to check whatever documentation comes with the client to see how to do that. Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
