Hello i am using SSL_CTX_load_verify_locations() to load the CA certs. I have another question that .. How actually the SSL_accept get the client certificate ?? Is its internal function also fetch the CA certificate of the client or it check the CA list of its own that is set by the above function?? Also is it necessary to have same name of CN and CA certificate. As when got the error it shows the details of my client cert with issuer and subject. In issuer it displays all the details whatever i filled during creation... along with CN name of the CA.
Help me out... :-(( Ambarish Mitra wrote: > > > > > vinni rathore a écrit : >> >> hi, >> >> i am stuck with the error "Unable to get local issuer certificate" and >> then "SSL3_GET_CLIENT_CERTIFICATE: peer certificate not return". >> >> I have created my own certificates using Openssl.exe . I have created >> CACert.pem which is self signed CA certificate and then two other >> certificates one is ClientCert.pem and other is ServerCert.pem which >> are signed from the CACert.pem. >> >> I have created OpenSSL server and other side a client supporting Other >> type of library(XySSL). There is no problem at client side. >> Certificate loading got success but verification fails with the above >> written error message. >> > > For some reason, the CA cert is not readable by the client. > This looks like a coding error. Unless you give a minimal code snippet > that > has this problem, it > would be difficult to answer. Have you used the function that set the > verify > certificate? > >> i am using ssl_ctx and its API's for certificate loading and a >> callback function for verification using SSL_ctx_set_verify(ctx, >> <PEER_Verification MODE>, callback function) >> >> Is something i doing wrong ...??? >> or anything more required..??? > > Minimal working code snippet. > >> >> please help.. >> >> Thanks and regards, >> >> > > > DISCLAIMER > ========== > This e-mail may contain privileged and confidential information which is > the property of Persistent Systems Ltd. It is intended only for the use of > the individual or entity to which it is addressed. If you are not the > intended recipient, you are not authorized to read, retain, copy, print, > distribute or use this message. If you have received this communication in > error, please notify the sender and delete all copies of this message. > Persistent Systems Ltd. does not accept any liability for virus infected > mails. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > > -- View this message in context: http://www.nabble.com/SSL_ACCEPT...%21%21%21-failure-tp17535204p17553780.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
