I used the code which is more or less standard for verification of certificates:
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,server_verify_cb)
if (!SSL_CTX_load_verify_locations(ctx,CERTPEMFILE,NULL);
{ exit(1); }etc etc where MS_CALLBACK server_verify_cb is taken from /aps/verify.c.
I wrote my own cert x509 pem file as a trusted cerificate. It is selfsigned and its private key is used to sign untrusted pem x509 certificate file. I checked with x509_verify(...) and everything was OK. However, when I run the previous code I get the error message:
depth=0
/c=AU /CN=alex /ou alex /o=alex
state = 0 reason = unable to get local issuer certificate
depth = 0
/c=AU /CN=alex /ou alex /o=alex
state = 0 reason = unable to clerify first certificate.It seems that it can not find the trusted certificate file, or it could not recognise it. Any suggestion?
Actually I have forgotten to put that it NT environment (I am working on), and as such the symlink names (or hash values) are not possible to be implement. Lets say that I have to concatenate certificates (?). Still in that case my CA trusted test CACERTPEM file should be all right provided that is only one file.
THanks in advance.
Regards
Alex
Title: SSL_CTX_load_verify_locations
- SSL_CTX_load_verify_locations Alex Cosic
- Re: SSL_CTX_load_verify_locations Vadim Fedukovich
- Alex Cosic
