Hello,

> I am trying to use SSL_CTX_use_certificate_chain_file to load a
> chained certificate, but it returns non-1. The weird thing is that it
> doesn't print any error, I tried everything ERR_print_errors_fp(),
> Err_get_error(), etc.
>
> The first thing I want to rule out is that the file can't be found.
> So, how does this function search the specified file? Is there any
> setting it takes to do the search? I tried specifying the absolute path
> and also tried just putting the file in the running directory, but they
> didn't help.
>
> The second thing I did is to check the certificate itself using the
> command line:
> openssl verify -CAfile root.pem client.pem
> I got the output saying "signature OK".
>
> Any suggestions?

Simple test code attached (and works for me).

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

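#include <stdio.h>
#include <errno.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/err.h>   /* ERR_print_errors_fp() */
#include <openssl/rand.h>  /* RAND_load_file() */

int main()
{
    SSL_CTX *ctx = NULL;

    /* Load the error strings first so the error queue prints readable text. */
    SSL_load_error_strings();
    SSL_library_init();
    RAND_load_file("/dev/urandom", 1024);

    printf("crypto lib: %s\n", SSLeay_version(SSLEAY_VERSION));

    if ((ctx = SSL_CTX_new(SSLv23_method())) == NULL) {
        goto err;
    }
    /* The file must be PEM; the path is relative to the current directory. */
    if (SSL_CTX_use_certificate_chain_file(ctx, "./1037.pem") != 1) {
        goto err;
    }
    printf("Success\n");
    SSL_CTX_free(ctx);
    return (0);

err:
    /* Dump everything OpenSSL queued for this thread. */
    ERR_print_errors_fp(stderr);
    if (ctx != NULL)
        SSL_CTX_free(ctx);
    return (1);
}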
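
To rule out the "file can't be found" case raised in the question before OpenSSL is involved at all, the following is an added example (not part of the original message or of OpenSSL): it opens the path exactly as given, so a relative path resolves against the process's current working directory, reports errno on failure, and counts complete PEM CERTIFICATE blocks. The helper name check_chain_file and the status codes are hypothetical.

```c
/* Added example: pre-flight check of a PEM chain file, standard C only. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum chain_status { CHAIN_OK = 0, CHAIN_OPEN_FAILED, CHAIN_NO_CERT, CHAIN_UNTERMINATED };

/* Hypothetical helper: counts complete CERTIFICATE blocks in `path`.
 * On CHAIN_OPEN_FAILED, *err holds the errno value set by fopen(). */
enum chain_status check_chain_file(const char *path, int *ncerts, int *err)
{
    static const char BEGIN[] = "-----BEGIN CERTIFICATE-----";
    static const char END[]   = "-----END CERTIFICATE-----";
    char line[256];
    int open_block = 0;
    FILE *fp;

    *ncerts = 0;
    *err = 0;
    fp = fopen(path, "r");          /* no search path: opened as given */
    if (fp == NULL) {
        *err = errno;
        return CHAIN_OPEN_FAILED;
    }
    while (fgets(line, sizeof line, fp) != NULL) {
        if (strncmp(line, BEGIN, sizeof BEGIN - 1) == 0) {
            open_block = 1;
        } else if (open_block && strncmp(line, END, sizeof END - 1) == 0) {
            open_block = 0;
            (*ncerts)++;            /* one complete certificate block */
        }
    }
    fclose(fp);
    if (open_block)
        return CHAIN_UNTERMINATED;  /* BEGIN without matching END */
    return *ncerts > 0 ? CHAIN_OK : CHAIN_NO_CERT;
}

int main(int argc, char **argv)
{
    int n, err;
    const char *path = argc > 1 ? argv[1] : "./1037.pem";
    enum chain_status st = check_chain_file(path, &n, &err);

    if (st == CHAIN_OPEN_FAILED)
        fprintf(stderr, "%s: %s\n", path, strerror(err));
    else
        printf("%s: status %d, %d certificate block(s)\n", path, st, n);
    return st == CHAIN_OK ? 0 : 1;
}
```

A result of CHAIN_NO_CERT on a file that `openssl verify` accepts usually points at a non-PEM (for example DER) file or a file holding only a key.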