Hi,

On 27/11/17 17:07, wizard2...@gmail.com wrote:
Hi there.

I'm getting this error on a TLS server&client that I'm implementing and I can't 
really understand what I'm doing wrong.

    139853560931992:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1487:SSL alert number 48
    139853560931992:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:


This is the code of my server: https://pastebin.com/Fyuki8v0 and I generate the certificates this way: https://pastebin.com/CDRKU2Gc
And I'm testing the server this way: openssl s_client -host 127.0.0.1 -port 4444 -cert client.crt -key client.key -CAfile ca.crt

If I run a server this way openssl s_server -key server.key -cert server.crt -CAfile ca.crt -accept 4444
I'm able to communicate with the same certificates and on my server code I always get:

    Handshake Error 1
    SSL_ERROR_SSL...

This is the result of openssl s_client command: https://pastebin.com/AWid1mxi

FWIW: I've downloaded and compiled your code, generated certs using your script (which generates a client and server cert with the same serial number, BTW) and ran the code: I can connect just fine using either openssl 1.0.1e or 1.1.0e

My bet is that when you run your code you are not loading the right ca.crt file; another way to debug is to add an x509 verify callback which prints out each cert as it is passed for verification.

HTH,

JJK

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
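
JJK's bet in the reply above (the wrong ca.crt being loaded) and the duplicate serial number he noticed can both be checked from the shell before touching the server code. The following is an added example, not part of the original thread or the poster's scripts; the helper names (`check_chain`, `same_serial`, `mk_ca`, `mk_leaf`) and the throwaway demo PKI are constructed for illustration.

```shell
#!/bin/sh
# Added example: file names follow the thread; helper names and the throwaway
# PKI are constructed for illustration. Requires the openssl CLI.

serial_of() { openssl x509 -in "$1" -noout -serial | cut -d= -f2; }

# Two certificates from one CA must not share a serial number.
same_serial() { [ "$(serial_of "$1")" = "$(serial_of "$2")" ]; }

# check_chain <ca.crt> <leaf.crt>: does the leaf verify against this CA file?
check_chain() {
  # Match the ": OK" line instead of relying only on the exit status.
  if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
    echo "OK: $2 chains to $1"; return 0
  fi
  if [ "$(openssl x509 -in "$2" -noout -issuer_hash)" != \
       "$(openssl x509 -in "$1" -noout -subject_hash)" ]; then
    echo "FAIL: $2 was issued by a different CA than $1"
  else
    echo "FAIL: issuer name matches $1 but verification failed (CA regenerated with a new key?)"
  fi
  return 1
}

# Constructed test PKI: mk_ca <dir> <cn>; mk_leaf <ca-dir> <cn> <serial>
mk_ca() {
  mkdir -p "$1" && openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}
mk_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -set_serial "$3" -days 1 -out "$1/$2.crt" 2>/dev/null
}

demo() {
  d=$(mktemp -d) || return 1
  mk_ca "$d/current" demo-ca && mk_ca "$d/stale" demo-ca   # same name, new key
  mk_leaf "$d/current" client 1 && mk_leaf "$d/current" server 1  # serial reused
  check_chain "$d/current/ca.crt" "$d/current/client.crt"
  check_chain "$d/stale/ca.crt" "$d/current/client.crt" || true
  same_serial "$d/current/client.crt" "$d/current/server.crt" &&
    echo "WARN: client.crt and server.crt share serial $(serial_of "$d/current/client.crt")"
  rm -rf "$d"
}

# With two arguments check real files, otherwise run the self-contained demo.
if [ "$#" -eq 2 ]; then check_chain "$1" "$2"; else demo; fi
```

Run it with the ca.crt path the server process actually opens and each of client.crt and server.crt; a stale ca.crt left over from an earlier run of the generation script has the same subject name but a different key, which is the second failure branch.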