Hi,
I have created a test HTTPS client using libcurl for creating a SSL connection
with HTTPS server. The source code is given below:
CURL *curl;
CURLcode res;
unsigned long errorCode = 0;
char error[CURL_ERROR_SIZE];
curl_global_init(CURL_GLOBAL_ALL);
curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER , 1);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST , 1);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, error);
curl_easy_setopt(curl, CURLOPT_CAINFO , "./ca.cert");
curl_easy_setopt(curl, CURLOPT_URL, "https://172.16.105.172:9001/";);
res = curl_easy_perform(curl);
if (res != CURLE_OK)
{
printf("\nVne::res = %d", res);
curl_easy_getinfo(curl, CURLINFO_SSL_VERIFYRESULT,&errorCode);
printf("\nVne::errorCode=%d\n",errorCode);
printf("\nVne::error=%s\n",error);
}
curl_easy_cleanup(curl);
}
curl_global_cleanup();
The file 'ca.cert' contains the certificate of CA (sample CA setup by me). The
ssl server at 172.16.105.172:9001 is provided with certificate signed by sample
CA. But when it tries to create the ssl connection to server, if fails with
following error:
* About to connect() to 172.16.105.172 port 9001
* Trying 172.16.105.172... * connected
* Connected to 172.16.105.172 (172.16.105.172) port 9001
* successfully set certificate verify locations:
* CAfile: ./trustAnchor
CApath: none
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed
* Closing connection #0
Vne::res = 60
Vne::errorCode=0
Vne::error=SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed
When I disable the SSL_VERIFYPEER option, then the connection gets established
but with the following warning:
* About to connect() to 172.16.105.172 port 9001
* Trying 172.16.105.172... * connected
* Connected to 172.16.105.172 (172.16.105.172) port 9001
* successfully set certificate verify locations:
* CAfile: ./trustAnchor
CApath: none
* SSL connection using AES256-SHA
* Server certificate:
* subject:
/C=IN/ST=GGN/O=Aricent/OU=PRD/CN=172.16.105.172/[email protected]
* start date: 2010-01-28 04:52:36 GMT
* expire date: 2011-01-28 04:52:36 GMT
* common name: 172.16.105.172 (matched)
* issuer: /C=IN/ST=GGN/L=GGN/O=Aricent/OU=PRD/CN=VNE Root
Certificate/[email protected]
* SSL certificate verify result: error number 1 (9), continuing anyway.
>From where I can get more information about returned error number 1 and (9)?
>And, why it is not working with VERIFYPEER enabled? Is there some problem with
>the certificates that I am using?
One more observation that I have is: When I run this HTTPs client code on the
same machine as SSL server, then the connection gets established successfully.
Any help is greatly appreciated. Thanks in Advance.
Regards,
Vinay
________________________________
"DISCLAIMER: This message is proprietary to Aricent and is intended solely for
the use of the individual to whom it is addressed. It may contain privileged or
confidential information and should not be circulated or used for any purpose
other than for what it is intended. If you have received this message in error,
please notify the originator immediately. If you are not the intended
recipient, you are notified that you are strictly prohibited from using,
copying, altering, or disclosing the contents of this message. Aricent accepts
no responsibility for loss or damage arising from the use of the information
transmitted by this email including damage from virus."
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
