Re: SSL_CTX_use_certificate_chain_file failure

Fri, 31 Aug 2007 02:27:03 -0700 

Hi,

I am seeing a similar case as addressed in this mail.
Here is the extract of the message I posted earlier:

The client application spawns one thread for each connection with the
server. Each thread is having its own SSL_CTX* object.
When 100 connections are to be made, once the SSL library in initialised -
SSL_library_init().And 100 threads are created and each connect with server
with their own SSL_CTX* object. All object will be using the same set of
certificates from one common location. However I see that almost every time
some threads report  SSL_CTX_use_certificate_chain_file() returning zero.

To get the error string I have this piece of code:

   if(!(SSL_library_init()))
       cout << " Error Initializing SSL Libraries" << endl;
    SSL_load_error_strings();
    unsigned long lerr=0;

    ERR_clear_error();
   if(SSL_CTX_use_certificate_chain_file(ctx,clientcert) !=1) {

                unsigned long lerr = ERR_peek_last_error();
                char lstr[150];
                ERR_error_string(lerr,lstr);
                cout << "Error String -> " << lstr << endl;
                ERR_clear_error();

               cout << "Coudn't load Client  PEM Certificate file:"
<<clientcert<<endl;
                SSL_CTX_free(ctx);
   }

The error string thats shown is :
Error String -> error:00000000:lib(0):func(0):reason(0)

Thanks,
Prabhu. S

On 8/30/07, Marek Marcola <[EMAIL PROTECTED]> wrote:
>
> Hello,
> > I am trying to use SSL_CTX_use_certificate_chain_file to load a
> > chained certificate, but it return non-1.  The wired thing is that it
> > doesn't print any error, I try everything ERR_print_errors_fp(),
> > Err_get_error(), etc.
> >
> > The first thing I want to rule out is that the file can't be found.
> > So, how does this function search the specified file? Is there any
> > setting it takes to do the search? I tried specify the absolute path
> > and also tried just put the file in the running directory, but they
> > didn't help.
> >
> > The second thing I did is to check the certificate itself to use the
> > command line:
> > openssl verify -CAfile root.pem client.pem
> > I got the output saying "signature OK".
> >
> > Any suggestions?
> Simple test code attached (and works for me).
>
> Best regards,
> --
> Marek Marcola < [EMAIL PROTECTED]>
>
>

Reply via email to