> From: [email protected] On Behalf Of Jeremy Hunt
> Sent: Monday, 04 October, 2010 19:08
> You are reading files, see inline for discussion.
> On 5/10/2010 7:36 AM, irivas wrote:
> SSL_CTX_load_verify_locations(ctx,NULL,"foldername);//ctx is
a SSL_CTX*
> See
http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html
<snip>
> If you look at the error below it is reading the certificate file.
I don't think so.
> Try running a filter like unix2dos on your certificate files, and probably
> your configuration files on your OpenVMS system. Your certificate files
are
> flat ascii files.
I agree this could be *another* issue when he does get to verifying.
Note that VMS files don't have *just* NL or CRLF; they have additional
attributes (metadata) like "STREAM WITH CARRIAGE CONTROL". I don't know
exactly what attributes are needed/allowed for files read by C stdio,
which OpenSSL uses, but whatever they are should be done. (This is
the same general category as unix2dos but quite different in detail.)
His application doesn't appear to be using openssl.conf. If the app
has its own config data he has presumably dealt with that already
before getting to the point of calling OpenSSL routines.
<snip much and fix formatting>
>>545318540:error:0D07809F:asn1 encoding
routines:ASN1_ITEM_EX_D2I:unexpected
>>eoc:TASN_DEC:337:Type=X509_ALGOR
>>545318540:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested
>>asn1 error:TASN_DEC:566:Field=sig_alg, Type=X509
>>545318540:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1
>>lib:S3_CLNT:816:$!
> NOTE:
> SSL3_GET_SERVER_CERTIFICATE
1409000D F_SSL3_GET_SERVER_CERTIFICATE R_ASN1_LIB sure looks to me
like parsing the wire message.
If verification failed because it couldn't parse the store, that's
14090086 F_SSL3_GET_SERVER_CERTIFICATE R_CERTIFICATE_VERIFY_FAILURE
with an error stack including at least 0B06F009.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
