The load verify location has to be done before you make the connection.
Christian Graf wrote:
Hi all,

I try to check a server's certificate on the client like this, using an operating system whose name contains an "o":

    GC_SSL_Error retVal = GC_SSL_NO_ERROR;
    X509* x509cert = SSL_get_peer_certificate(m_ssl_p);
    if (x509cert != NULL)
    {
        // load cert
        if (1 != SSL_CTX_load_verify_locations(m_ctx_p, "C:\\openssl\\certs\\thawteCp.pem", NULL))
            retVal = GC_SSL_CERT_LOAD_ERROR;
        else
        {
            // check cert
            long certVerifyResult = SSL_get_verify_result(m_ssl_p);
            // the only successful return code is X509_V_OK = 0
            if ((certVerifyResult != X509_V_OK) && (GC_SSL_NO_ERROR == retVal))
                retVal = GC_SSL_CERT_VALID_ERROR;
        }
        X509_free(x509cert);
    }
    else
        retVal = GC_SSL_NO_PEER_CERT;

The problem is that I always receive the return value "20" (X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) when calling the function SSL_CTX_load_verify_locations. The certificate thawteCp.pem is located in the given path; the certificate itself has been delivered by the openssl installation. I really cannot imagine what the problem is. Maybe anybody could give me a hint?

Thank you and bye
Christian