Hi
I've written my own SSL client and server based on s_server.c and
s_client.c.
I use error reporting like that in s_server.c (only at the server
end).
I'm using openssl-0.9.4a over NT4.0.
For the server side, I use the 'server.pem' cert, and 'client.pem' at the
client end.
For the CAfile, I use 'server2.pem'. All these files were supplied
with openssl.
I use this initialization sequence at the server end:

    SSL_CTX_load_verify_locations(ctx, "server2.pem", NULL)
    SSL_CTX_set_default_verify_paths(ctx)
    SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM)
    SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM)
    SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file("server2.pem"))
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, my_verify_cb)

At the client end, I do the same stuff with 'client.pem' as the cert.
Now, when I try to do server authentication, I get the following error
at the server end:
openssl-0.9.4\ssl\s3_pkt.c:774:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate unknown SSL alert number 46
For client authentication, I get this error (at the server end):
openssl-0.9.4\ssl\s3_srvr.c:1623:SSL3_GET_CLIENT_CERTIFICATE: no
certificate returned
But my callback function at the server end gets called for top-level CA
certificate
i.e. Test PCA (1024-bit).
But if I use my server or client with the openssl s_client or s_server,
the certs reach the other end.
Is there something I've missed here?
Thanks in advance...
-Anshuman Kanetkar
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
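
The "SSL alert number 46" in the first error above is the description byte of an SSLv3 alert record that the reporting side read from its peer. As an added example (not part of the original post and not OpenSSL code), this C decoder parses a plaintext alert record and classifies the certificate-related descriptions; the struct and function names are hypothetical, the sample bytes are constructed, and it assumes the alert was captured before encryption was enabled.

```c
#include <stdint.h>
#include <stdio.h>

struct alert_info { int fatal; uint8_t description; const char *name; };

/* Certificate-related alert descriptions from SSLv3 / TLS 1.0. */
static const char *alert_name(uint8_t d)
{
    switch (d) {
    case 41: return "no_certificate";          /* SSLv3 only */
    case 42: return "bad_certificate";
    case 43: return "unsupported_certificate";
    case 44: return "certificate_revoked";
    case 45: return "certificate_expired";
    case 46: return "certificate_unknown";
    case 48: return "unknown_ca";              /* TLS 1.0 and later */
    default: return "other";
    }
}

/* Record layout: type(1)=21, version(2), length(2)=2, level(1), description(1).
 * Returns 0 on success, -1 if buf is not a well-formed plaintext alert record. */
int parse_alert_record(const uint8_t *buf, size_t len, struct alert_info *out)
{
    if (buf == NULL || out == NULL || len < 7) return -1;
    if (buf[0] != 21) return -1;                    /* content type must be alert */
    if (buf[1] != 3) return -1;                     /* major version 3: SSLv3/TLS */
    if (((buf[3] << 8) | buf[4]) != 2) return -1;   /* alert body is two bytes */
    if (buf[5] != 1 && buf[5] != 2) return -1;      /* 1 = warning, 2 = fatal */
    out->fatal = (buf[5] == 2);
    out->description = buf[6];
    out->name = alert_name(buf[6]);
    return 0;
}

/* 1 if the sender is reporting a problem with a certificate (47 is not one). */
int alert_is_certificate_problem(uint8_t d)
{
    return (d >= 41 && d <= 46) || d == 48;
}

int main(void)
{
    /* Constructed sample: alert record, SSL 3.0, fatal, description 46. */
    const uint8_t rec[] = {0x15, 0x03, 0x00, 0x00, 0x02, 0x02, 0x2e};
    struct alert_info a;
    if (parse_alert_record(rec, sizeof rec, &a) == 0)
        printf("%s alert %u (%s)\n", a.fatal ? "fatal" : "warning", (unsigned)a.description, a.name);
    return 0;
}
```

Because the alert is generated by the side that sent it, the verification failure it describes has to be investigated on that side (its CA file and verify callback), not on the side that logged the received alert.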