Perry L. Jones wrote:
> maybe you have not added the extra CA/root certs to the CTX?
>
> SSL_CTX_add_extra_chain_cert( ctx, x509Cert )
>
> Perry

Thanks. It's passing the certificate now, however, when I set the verification depth to 0 on the server end, the client still fails with the message

11373:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1052:SSL alert number 42
11373:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:

I've tried tracking this down, and I cannot seem to find anything that describes why 'bad certificate' is the string associated with this error id. You mentioned that a self-signed certificate wouldn't pass a depth of 0, however, when using s_client and s_server, with these same certificates, it works fine, and it trusts the CA.

>
> [EMAIL PROTECTED] wrote:
>
>> [EMAIL PROTECTED] wrote:
>>
>>> 11041:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
>>> certificate:s3_pkt.c:1052:SSL alert number 42
>>> 11041:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
>>> failure:s3_pkt.c:529:
>>
>> I forgot to include the fact that when I use s_client with my server,
>> it says:
>>
>> ---
>> No client certificate CA names sent
>> ---
>>
>> ..even though I am calling SSL_CTX_load_verify_locations without errors.
>> Hope someone can help me. I've been looking into this for quite some
>> time now.
>>
>> Thanks
>>
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List openssl-users@openssl.org
>> Automated List Manager [EMAIL PROTECTED]
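
Added example, not part of the original thread and not OpenSSL's own code: a decoder for the two error lines in the message above, assuming the packed error-code layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason). The names ossl_err, decode_err_line and alert_name are hypothetical; a reason of 1000 or more is a fatal alert received from the peer, so reason 1042 is alert 42 (bad_certificate).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumed layout: packed error code of OpenSSL releases before 3.0,
 * 8-bit library, 12-bit function, 12-bit reason. Reasons from 1000 up
 * (SSL_AD_REASON_OFFSET) are fatal alerts received from the peer. */
struct ossl_err { unsigned lib, func, reason; int alert; /* -1: none */ };

/* Decode one "pid:error:HEXCODE:..." line; 0 on success, -1 if malformed. */
int decode_err_line(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, ":error:");
    char *end;
    unsigned long code;
    if (p == NULL)
        return -1;
    p += strlen(":error:");
    code = strtoul(p, &end, 16);
    if (end == p || *end != ':')
        return -1;
    out->lib = (unsigned)((code >> 24) & 0xff);
    out->func = (unsigned)((code >> 12) & 0xfff);
    out->reason = (unsigned)(code & 0xfff);
    out->alert = out->reason >= 1000 ? (int)out->reason - 1000 : -1;
    return 0;
}

/* A few certificate-related alert descriptions from the TLS specification. */
const char *alert_name(int alert)
{
    switch (alert) {
    case 42: return "bad_certificate";
    case 46: return "certificate_unknown";
    case 48: return "unknown_ca";
    default: return alert < 0 ? "none (local error)" : "other";
    }
}

int main(void)
{
    /* The two error lines from the message above. */
    const char *lines[] = {
        "11373:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1052:SSL alert number 42",
        "11373:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:" };
    struct ossl_err e;
    for (int i = 0; i < 2; i++)
        if (decode_err_line(lines[i], &e) == 0)
            printf("lib=0x%02x func=0x%03x reason=%u peer alert: %s\n", e.lib, e.func, e.reason, alert_name(e.alert));
    return 0;
}
```

The first line decodes to an alert read from the peer, meaning the other side (here the server) reported a problem with the certificate it was sent; the second line (reason 229) is a local error with no alert attached.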