Hi,

I have inherited some C code which implements client/server communication. The
certs expired last week and there is no documentation as to how the certs were
generated.

I would like to know the correct sequence of openssl commands to generate the
certificate files on server S and client C, where server S creates the CA file
and signs the certificates for use with client C.

I am assuming that I have to strip the password to make a PKCS#12 file so that 
the server trusts the client program.

The code fragment which reports that we have a problem with the issuer is as 
follows:

#include <stdio.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>

/* Called by OpenSSL for each certificate in the peer's chain. */
int verify_callback(int preverify_ok, X509_STORE_CTX *store)
{
        log_message("verify_callback(int preverify_ok, X509_STORE_CTX *store)\n");
        if (!preverify_ok)
        {
                char    data[256];
                X509    *cert = X509_STORE_CTX_get_current_cert(store);
                int             depth = X509_STORE_CTX_get_error_depth(store);
                int             err = X509_STORE_CTX_get_error(store);

                fprintf(stderr, "Error with certificate at depth: %i\n", depth);
                log_message("Error with certificate at depth: %i\n", depth);

                /* Issuer and subject go to stderr only, not to the log. */
                X509_NAME_oneline(X509_get_issuer_name(cert), data, 256);
                fprintf(stderr, "issuer = %s\n", data);
                log_message("Error with issuer\n");

                X509_NAME_oneline(X509_get_subject_name(cert), data, 256);
                fprintf(stderr, "subject = %s\n", data);
                /* The actual verification error code and text. */
                fprintf(stderr, "err %i:%s\n", err,
                        X509_verify_cert_error_string(err));

        }
        /* Returning preverify_ok keeps OpenSSL's own verdict. */
        return preverify_ok;
}

Here is the log:

Jul 23 12:00:40 Daemon started.
Jul 23 12:00:40 init_ssl(void)
Jul 23 12:00:40 thread_setup(void)
Jul 23 12:00:40 SSL_CTX *setup_client_ctx(void)
Jul 23 12:00:40 Loading CA file and/or directory was ok.
Jul 23 12:00:40 Loading default CA file and/or directory was ok.
Jul 23 12:00:40 Loading certificate from file was ok.
Jul 23 12:00:40 Loading private key from file was ok.
Jul 23 12:00:40 Setting cipher list was ok.
Jul 23 12:00:40 Succeeded executing client = BIO_new_connect(address[0])
Jul 23 12:00:40 Succeeded executing BIO_do_connect(client) <= 0)
Jul 23 12:00:40 Succeeded executing ssl = SSL_new(ctx)
Jul 23 12:00:40 verify_callback(int preverify_ok, X509_STORE_CTX *store)
Jul 23 12:00:40 verify_callback(int preverify_ok, X509_STORE_CTX *store)
Jul 23 12:00:40 Error with certificate at depth: 0

Jul 23 12:00:40 Error with issuer

Jul 23 12:00:40 Error creating SSL object.

Jul 23 12:00:40 Failed executing SSL_connect(ssl) <= 0



Thank you,

Dan
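
The sequence asked about above, as an added example that is not part of the original post: a private CA that signs one server and one client certificate, then checks each chain and expiry date. File names, subject names, key size, lifetimes and the use of PEM files are assumptions.

```shell
#!/bin/sh
# Added example: all names, paths and lifetimes here are constructed assumptions.
set -eu

make_ca() {   # $1 = working directory; writes ca.cnf, ca.key, ca.pem
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
[client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    # -nodes leaves the key unencrypted so the script runs unattended;
    # protect a real CA key with a passphrase and strict file permissions.
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 3650 -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

issue() {     # $1 = directory, $2 = name (file stem and CN), $3 = server|client
    openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 \
        -extfile "$1/ca.cnf" -extensions "$3" -out "$1/$2.pem" 2>/dev/null
}

check() {     # $1 = directory, $2 = name; succeeds only if chain and dates are good
    openssl verify -CAfile "$1/ca.pem" "$1/$2.pem" >/dev/null 2>&1 &&
    openssl x509 -in "$1/$2.pem" -noout -checkend 0 >/dev/null
}

dir=$(mktemp -d)
make_ca "$dir"
issue "$dir" server server
issue "$dir" client client
check "$dir" server && check "$dir" client && echo "chain OK in $dir"
openssl x509 -in "$dir/client.pem" -noout -issuer -subject -enddate
```

The script generates every key in one directory for brevity; in a two-host setup the client key and CSR would be created on client C and only the CSR sent to server S for signing.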
