Praveen Jothi wrote:
Dear all,I am new to openSSL and an inexperienced C programmer. After compiling openssl library, I was going through the demos for understanding. In the demo after compilation of easy_tls with few warnings, when I run the server and client, it gets connected and able to write and read. But when I start TLS functionality, then the client says E:unable to get local issuer certificate/C=DE/CN=TestServerThe certificates are expired but are right there in the folder. I would like to know if this error is because the certificate is expired or due to some other problem and if possible, how to solve it. Should I create my own certificates with the same paramaters for solving this or how to solve this problem. Thank you very much and awaiting,Pjothi
Just a quick answer without looking at the code of easy_tls:This error message is generated if a certificate needed to verify a certificate chain is not present (as it states itself). I experienced this error if a CA's certificate (maybe an intermediate CA) is neither included in the presented certificate nor present in the CAFile or CA-Directory (as specified in SSL_CTX_load_verify_locations). Maybe you should check the call to SSL_CTX_load_verify_locations and the content of the specified locations.
Hope it helps. Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
smime.p7s
Description: S/MIME Cryptographic Signature
