Hi, I'm getting the following error: ---------------------- SOAP 1.1 fault: SOAP-ENV:Client [no subcode] "SSL_ERROR_SSL error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed" Detail: SSL connect failed in tcp_connect() ----------------------
I know the certificate presented to me is invalid and the verification should fail. When using Curl in CLI-mode I used to get: ---------------------- * Connected to efs.telia.se (212.181.222.96) port 7301 (#0) * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * SSLv2, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS alert, Server hello (2): * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Closing connection #0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html ----------------------- I then added their certificate to /etc/ssl/certs/ca-certificates.crt. I now get: ----------------------- * Connected to efs.telia.se (212.181.222.96) port 7301 (#0) * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * SSLv2, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using DHE-RSA-AES256-SHA * Server certificate: * subject: /C=SE/ST=Norrbotten/L=Lulea/O=TeliaSonera/OU=TeliaSonera Mobile Networks AB/CN=efs.telia.se * start date: 2009-01-08 00:00:00 GMT * expire date: 2011-01-25 23:59:59 GMT * common name: efs.telia.se (matched) * issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA * SSL certificate verify ok. ----------------------- However I still get the same error when using gSOAP. Tried recompiling it. How do I get gSOAP to read from the corrected ca-certificates.crt? Please help! Thanks!
