On 1 Oct 2013, at 3:00 PM, Troyanker, Vlad wrote:
> PROBLEM: the server fails SSL connection with SSL_accept: tlsv1 alert unknown 
> ca
> 
> The funny part is I cannot even find where in the source code that error (code 
> SSL_R_TLSV1_ALERT_UNKNOWN_CA) gets thrown. I am looking through 
> openssl-1.0.1e/ssl/s3_srvr.c
> 
> What am I missing?

That means that the server has sent you the TLS1_AD_UNKNOWN_CA alert (see 
RFC 2246 section 7.2, where it's listed as the "unknown_ca" alert). The 
SSL_R_foo reasons for alerts are numbered the same as the corresponding TLS 
protocol constants plus SSL_AD_REASON_OFFSET, which is 1000.

From ssl/s3_both.c, it looks like this alert is generated for either the 
X509_V_ERR_INVALID_CA or X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER errors in 
verification.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
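
The numbering rule from the reply, applied to an OpenSSL error-queue line, as an added example that is not part of the original message or of OpenSSL's code. It assumes the OpenSSL 1.0.x packed error layout (library number in the top 8 bits, reason in the low 12 bits); the helper names and the sample line are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ERR_LIB_SSL          20   /* library number of libssl */
#define SSL_AD_REASON_OFFSET 1000 /* SSL_R_foo = TLS alert number + this */

/* Alert descriptions from RFC 2246 section 7.2. */
static const struct { int code; const char *name; } alerts[] = {
    {0, "close_notify"}, {10, "unexpected_message"}, {20, "bad_record_mac"},
    {21, "decryption_failed"}, {22, "record_overflow"},
    {30, "decompression_failure"}, {40, "handshake_failure"},
    {42, "bad_certificate"}, {43, "unsupported_certificate"},
    {44, "certificate_revoked"}, {45, "certificate_expired"},
    {46, "certificate_unknown"}, {47, "illegal_parameter"}, {48, "unknown_ca"},
    {49, "access_denied"}, {50, "decode_error"}, {51, "decrypt_error"},
    {60, "export_restriction"}, {70, "protocol_version"},
    {71, "insufficient_security"}, {80, "internal_error"},
    {90, "user_canceled"}, {100, "no_renegotiation"},
};

/* Hypothetical helper: return the alert number encoded in an
 * "error:XXXXXXXX:..." line, or -1 if it is not a libssl alert reason. */
int alert_from_error_line(const char *line)
{
    const char *p = strstr(line, "error:");
    char *end;
    unsigned long e;
    int reason;
    if (p == NULL) return -1;
    e = strtoul(p + 6, &end, 16);               /* packed hex error code */
    if (end == p + 6 || *end != ':') return -1; /* no hex field found */
    if (((e >> 24) & 0xff) != ERR_LIB_SSL) return -1;
    reason = (int)(e & 0xfff);
    if (reason < SSL_AD_REASON_OFFSET || reason > SSL_AD_REASON_OFFSET + 255)
        return -1;                              /* ordinary libssl reason */
    return reason - SSL_AD_REASON_OFFSET;
}

const char *alert_name(int alert)
{
    size_t i;
    for (i = 0; i < sizeof(alerts) / sizeof(alerts[0]); i++)
        if (alerts[i].code == alert) return alerts[i].name;
    return "unassigned";
}

int main(void) { /* constructed sample line, 1.0.x error-queue format */
    int a = alert_from_error_line("error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca");
    printf("alert %d (%s)\n", a, alert_name(a)); return 0; }
```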
