Re: Problem with unknown CA

Sat, 30 Apr 2011 14:07:48 -0700 

Thanks, We're still learning a lot about how this all works. Tracked
this down to a different issue in our code base.

2011/4/30 Ziyu Liu <lzyz...@126.com>:
>
> At 2011-04-30 04:33:43,"Mike Markley" <m...@buddytv.com> wrote:
>
>>I'm trying to establish an SSL connection with a server and my
>>handshake is failing with 'alert unknown ca' I'm using a self signed
>>certificate and I'm also specifying SSL_VERIFY_NONE in my call to
>>SSL_set_verify. Is this message indicating a problem with my self
>
> The flag "SSL_VERIFY_NONE" just means that you(here,client) do not
> want to check your peer(server)'s certificate.On the contrary,the server
> may check your certificate if it sets a SSL_VERIFY_PEER flag.
>
> The 'alert unknown ca' error occurs when SSL checked a wrong cerficate.So I
> guess that the error is occurred because the server consider the client's
> certificate is wrong.
>
>
>  >signed certificate or is it a problem with the certificate from the
>>server? The server is supposed to be returning a self signed
>>certificate as well. Am I missing a call somewhere to allow the server
>>to use self signed certificates?
>
> Many errors can occur 'unknow'.Check your server if it configed correctly
> and check if you generate the right certificate(be careful to the CN
> section).
> By the way , the SSL uses SSL_CTX_load_verify_locations to load a few
> certificate to verify the certificate which is sent from the peer.It trusted
> a peer if and only if
> 1.the peer has a private key versus the certificate which the peer sent.
> 2.There is a cerficate, in the certificates loaded by the
> SSL_CTX_load_verify_locations,such that it can verify the peer's
> certificate.
>>
>>Thanks,
>>Mike
>>______________________________________________________________________
>>OpenSSL Project                                 http://www.openssl.org
>>User Support Mailing List                    openssl-users@openssl.org
>>Automated List Manager                           majord...@openssl.org
>
>
> ________________________________
> 体验网易邮箱2G超大附件,轻松发优质大电影、大照片,提速3倍!
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to