Hi,
I have created a test HTTPS client using libcurl for creating a SSL
connection with HTTPS server. The source code is given below:
CURL *curl;
CURLcode res;
unsigned long errorCode = 0;
char error[CURL_ERROR_SIZE];
curl_global_init(CURL_GLOBAL_ALL);
curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER , 1);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST , 1);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, error);
curl_easy_setopt(curl, CURLOPT_CAINFO , "./ca.cert");
curl_easy_setopt(curl, CURLOPT_URL, "https://
172.16.105.172:9001/");
res = curl_easy_perform(curl);
if (res != CURLE_OK)
{
printf("\nVne::res = %d", res);
curl_easy_getinfo(curl,
CURLINFO_SSL_VERIFYRESULT,&errorCode);
printf("\nVne::errorCode=%d\n",errorCode);
printf("\nVne::error=%s\n",error);
}
curl_easy_cleanup(curl);
}
curl_global_cleanup();
The file ‘ca.cert’ contains the certificate of CA (sample CA
setup by me). The ssl server at 172.16.105.172:9001 is provided wi
th certificate signed by sample CA. But when it tries to create t
he ssl connection to server, if fails with following error:
* About to connect() to 172.16.105.172 port 9001
* Trying 172.16.105.172... * connected
* Connected to 172.16.105.172 (172.16.105.172) port 9001
* successfully set certificate verify locations:
* CAfile: ./trustAnchor
CApath: none
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
* Closing connection #0
Vne::res = 60
Vne::errorCode=0
Vne::error=SSL certificate problem, verify that the CA cert is OK.
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
When I disable the SSL_VERIFYPEER option, then the connection gets
established but with the following warning:
* About to connect() to 172.16.105.172 port 9001
* Trying 172.16.105.172... * connected
* Connected to 172.16.105.172 (172.16.105.172) port 9001
* successfully set certificate verify locations:
* CAfile: ./trustAnchor
CApath: none
* SSL connection using AES256-SHA
* Server certificate:
* subject: /C=IN/ST=GGN/O=Aricent/OU=PRD/CN=172.16.105.172/
[email protected]
* start date: 2010-01-28 04:52:36 GMT
* expire date: 2011-01-28 04:52:36 GMT
* common name: 172.16.105.172 (matched)
* issuer: /C=IN/ST=GGN/L=GGN/O=Aricent/OU=PRD/CN=VNE Root
Certificate/[email protected]
* SSL certificate verify result: error number 1 (9), continuing
anyway.
From where I can get more information about returned error number 1
and (9)? And, why it is not working with VERIFYPEER enabled? Is
there some problem with the certificates that I am using?
One more observation that I have is: When I run this HTTPs client
code on the same machine as SSL server, then the connection gets
established successfully.
Any help is greatly appreciated. Thanks in Advance.
Regards,
Vinay
"DISCLAIMER: This message is proprietary to Aricent and is intended
solely for the use of the individual to whom it is addressed. It
may contain privileged or confidential information and should not
be circulated or used for any purpose other than for what it is
intended. If you have received this message in error, please notify
the originator immediately. If you are not the intended recipient,
you are notified that you are strictly prohibited from using,
copying, altering, or disclosing the contents of this message.
Aricent accepts no responsibility for loss or damage arising from
the use of the information transmitted by this email including
damage from virus."
