Hi, A few days ago I posted to openssl.users the message i attach below.
I have done some more research and after seeing that the ssl code works on a little endian pc with 0.9.6, the problem is: - with the big-endian Intel IXP425 ARM running 0.9.6 - the code of the application (SER, voip proxy, with TLS). I have seen a few discussions about endiannes, about some test failing ... The next thing i would like to try is to cross-compile OpenSSL 0.9.7 for the IXP425 and install the new libraries. What is the safest way to avoid all conflicts, even big a big-performance penalty? Thanks! Cesc =========================================================================== Certificate verify failed ... incompatible versions 0.9.6m-engine and 0.9.7d? Hi, I am testing an application, which is a server and a client at the same time, connecting or receiving connections from the same application running on other machines. It all worked fine as long as: - All used v.0.9.7d - All of them were running on a i386 pc on debian linux (kernel 2.6.x). Now ... i managed to get the application to run on an ARM embedded system (intel ixp425, but different host byte order), which for now only has openssl version 0.9.6m installed. As said, it all would work fine ... till this ARM with openssl 0.9.6 came into play. Now, I cannot connect or accept connections from/to the ARM platform. If i do an ssl_connect (to a pc-based host), i get: * error: 14090086: SSL routines: SSL3_GET_SERVER_CERTIFICATE: certificate verify failed ... on the ARM-host If i do an ssl_accept (incoming connect from a pc-based host to the arm-host), i get: * error: 140890B2: SSL routines: SSL3_GET_SERVER_CERTIFICATE: no certificate returned ... on the ARM-host I have set VERIFY_PEER and VERIFY_PEER_ONCE, with no verification callback (pointer set to NULL). The certificates and configurations work (root CA is self-signed; server certificates, also used as client certs, are directly signed by root CA, and contain some private X509v3 extensions). On the ARM host i cannot do "openssl verify" ... i only have the libraries, not the binaries for the platform. Things i thought about: i am missing something which 0.9.7 does automatically and 0.9.6 doesn't; a question of byte-order on the hosts; the x509v3 private extensions; the self-signed root ca cert in 0.9.6; ... Any other ideas or solutions? Thanks in advance! Cesc.S ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
