RE: Question on SSL_connect

Wed, 08 Feb 2006 04:33:23 -0800 

Chong,

With response to your e-mail, I used ERR_error_string and this is the
output:

Error: [error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
unknown]


This is how I used it -- the error was in SSL_connect.

  err = SSL_connect (ssl);
  if (err <=0)
  {
        unsigned long ErrCode = ERR_get_error();
        char ErrBuf[120];
        ERR_error_string(ErrCode, ErrBuf);
        fprintf(stderr, "Error: [%s]\n", ErrBuf);  // This prints the above
output.
   }

Can anybody help me out please?

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Chong Peng
Sent: Friday, February 03, 2006 10:31 PM
To: openssl-users@openssl.org
Subject: RE: Question on SSL_connect



have you tried to call "ERR_error_string" to find out what exactly is going
on? could be that the server and client are using different version of ssl.

-----Original Message-----
From: Ambarish Mitra [mailto:[EMAIL PROTECTED]
Sent: Friday, February 03, 2006 1:27 AM
To: openssl-users@openssl.org
Subject: Question on SSL_connect


On SSL_connect, the openssl documentation mentions that: "initiate the
TLS/SSL handshake with an TLS/SSL server"

I have created the client cert and loaded into the context with
"SSL_CTX_use_certificate_file" and the corresponding private key with
"SSL_CTX_use_PrivateKey_file". This association works since the the call
"SSL_CTX_check_private_key" succeeded.

In SSL_connect, does the client program send out the client certificate to
the server as a part of handshake?


Now, my server is Java based, and I do not have much idea on JVM keystores.
It looks like the keystore holds the CA cert and also the server cert. This
CA is also the one who issued the client cert.

I am getting an error "SSL_ERROR_SSL" with SSL_connect() returning <=0.

Under what circumstances does SSL_connect return this error?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to