Hi,

I'm getting the following error:
----------------------
SOAP 1.1 fault: SOAP-ENV:Client [no subcode]
"SSL_ERROR_SSL
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed"
Detail: SSL connect failed in tcp_connect()
----------------------

I know the certificate presented to me is invalid and the verification
should fail.
When using Curl in CLI-mode I used to get:
----------------------
* Connected to efs.telia.se (212.181.222.96) port 7301 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSLv2, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK.
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
-----------------------

I then added their certificate to /etc/ssl/certs/ca-certificates.crt.
I now get:
-----------------------
* Connected to efs.telia.se (212.181.222.96) port 7301 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSLv2, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*        subject: /C=SE/ST=Norrbotten/L=Lulea/O=TeliaSonera/OU=TeliaSonera
Mobile Networks AB/CN=efs.telia.se
*        start date: 2009-01-08 00:00:00 GMT
*        expire date: 2011-01-25 23:59:59 GMT
*        common name: efs.telia.se (matched)
*        issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms
of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3
Secure Server CA
* SSL certificate verify ok.
-----------------------

However I still get the same error when using gSOAP. Tried recompiling
it. How do I get gSOAP to read from the corrected ca-certificates.crt?
Please help!
Thanks!

Reply via email to