At 2011-04-30 04:33:43,"Mike Markley" <m...@buddytv.com> wrote:
>I'm trying to establish an SSL connection with a server and my
>handshake is failing with 'alert unknown ca'. I'm using a self signed
>certificate and I'm also specifying SSL_VERIFY_NONE in my call to
>SSL_set_verify. Is this message indicating a problem with my self

The flag "SSL_VERIFY_NONE" just means that you (here, the client) do not want to check your peer's (the server's) certificate. On the contrary, the server may check your certificate if it sets the SSL_VERIFY_PEER flag. The 'alert unknown ca' error occurs when SSL checked a wrong certificate. So I guess that the error occurred because the server considers the client's certificate to be wrong.

>signed certificate or is it a problem with the certificate from the
>server? The server is supposed to be returning a self signed
>certificate as well. Am I missing a call somewhere to allow the server
>to use self signed certificates?

Many errors can occur as 'unknown'. Check whether your server is configured correctly and check whether you generated the right certificate (be careful with the CN section).

By the way, SSL uses SSL_CTX_load_verify_locations to load a few certificates to verify the certificate which is sent from the peer. It trusts a peer if and only if:

1. The peer has the private key corresponding to the certificate which the peer sent.
2. There is a certificate, among the certificates loaded by SSL_CTX_load_verify_locations, such that it can verify the peer's certificate.

>
>Thanks,
>Mike
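The two trust conditions listed in the reply above can be checked offline with the `openssl` command-line tool. This is an added example, not part of the original message: the file names, CNs and helper function names are constructed, and `openssl verify -CAfile` stands in for the certificates a peer loads with SSL_CTX_load_verify_locations.

```shell
#!/usr/bin/env bash
# Added example; all names and CNs below are constructed for illustration.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_self_signed NAME CN: write NAME.key and a self-signed NAME.pem
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# trusted_by TRUST CERT: condition 2. Succeeds only if TRUST.pem, used as the
# list of trusted certificates, contains one that verifies CERT.pem.
trusted_by() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# key_matches KEY CERT: condition 1. Succeeds only if KEY.key is the private
# key belonging to the public key inside CERT.pem.
key_matches() {
    local from_key from_cert
    from_key=$(openssl pkey -in "$WORK/$1.key" -pubout 2>/dev/null)
    from_cert=$(openssl x509 -in "$WORK/$2.pem" -noout -pubkey 2>/dev/null)
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

make_self_signed client client.example.test
make_self_signed server server.example.test

# A verifier that loaded only its own certificate has nothing that can
# verify the client's self-signed certificate.
if trusted_by server client; then
    echo "client cert accepted with server.pem as trust list"
else
    echo "client cert rejected with server.pem as trust list"
fi

# Once the client's self-signed certificate is in the trust list, it verifies.
if trusted_by client client; then
    echo "client cert accepted with client.pem as trust list"
fi

# The certificate is only usable by the holder of the matching private key.
key_matches client client && echo "client.key matches client.pem"
key_matches server client || echo "server.key does not match client.pem"
```
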