Dear all,

Using openssl (openssl 0.9.7), I have set up a CA and this CA has issued 2
certs - one for client and the other for the server. I have checked that
these certificates are ok.

I am attempting to write an SSL client-server program.

SSL Server:- Java. It has a keystore, which contains the server cert and the
CA cert.

SSL Client: C. In the program, using appropriate openssl calls, I have added
the client certificate, the private key and the CA cert to the context.
Please see the code snippet.

/* code snippet starts - all error handling removed for readability */
        SSLeay_add_ssl_algorithms();
        meth = SSLv3_client_method();
        SSL_load_error_strings();

        ctx = SSL_CTX_new(meth);
        /* client certificate and its private key */
        err = SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM);
        err = SSL_CTX_use_PrivateKey_file(ctx, PvtKeyFile, SSL_FILETYPE_PEM);
        SSL_CTX_check_private_key(ctx);

        /* CA certificate used to verify the server */
        SSL_CTX_load_verify_locations(ctx, TrustedCACertFile, NULL);

/* code snippet ends - all error handling removed for readability */


Initialization is successful, but the handshake fails. We first create TCP
socket and then "connect" as shown below. Then, we call SSL_connect, which
fails with SSL_ERROR_SSL. At this point, the Java server outputs
SSLException "No Trusted certificate".

        sd = socket(AF_INET, SOCK_STREAM, 0);
        int c = connect(sd, (struct sockaddr*) &host_id , sizeof(host_id));

// By now, the SSL context is initialized and the TCP sockets are created.
// Now, SSLize the TCP sockets.

        ssl = SSL_new(ctx);                     // create SSL objects from the SSL context.
        r = SSL_set_fd (ssl, sd);               // Associate the network connection with the SSL object.

        int err = SSL_connect (ssl);    // Initiate the SSL handshake *********FAILS HERE ************
        if (err <= 0)
        {
                int errcode = SSL_get_error(ssl, err);
                switch(errcode)
                {
                        /* other cases */
                        case SSL_ERROR_SSL: LogMesg(logger, LOGFATAL, "SSL connect: Protocol Error."); break;
                }
        }


Can anyone please tell me what is happening?


Best regards,
Ambarish.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
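
The certificate checks the post mentions, as an added example that is not part of the original message: it builds a constructed CA with client and server certificates, then confirms that each certificate chains to the CA and that the client key matches its certificate. It assumes a current `openssl` command-line tool (one that has the `pkey` command); all file names and subject names are made up for the demonstration.

```shell
# Added example: every file here is a constructed throwaway, not the poster's.

# 0 if certificate $2 chains to the CA certificate in $1.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if private key $2 belongs to certificate $1; the offline counterpart of
# SSL_CTX_check_private_key() in the client code.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Self-signed CA: $1 = file prefix, $2 = common name.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Certificate signed by a CA: $1 = file prefix, $2 = common name, $3 = CA prefix.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
        -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

# Print PASS/FAIL for a named check: $1 = label, rest = command to run.
report() {
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fi
}

DEMO_DIR=$(mktemp -d)
make_ca    "$DEMO_DIR/ca"    "Constructed Test CA"
make_ca    "$DEMO_DIR/other" "Constructed Unrelated CA"
issue_cert "$DEMO_DIR/client" "constructed-client" "$DEMO_DIR/ca"
issue_cert "$DEMO_DIR/server" "constructed-server" "$DEMO_DIR/ca"

report "client cert chains to CA"       chains_to_ca "$DEMO_DIR/ca.pem" "$DEMO_DIR/client.pem"
report "server cert chains to CA"       chains_to_ca "$DEMO_DIR/ca.pem" "$DEMO_DIR/server.pem"
report "client key matches client cert" key_matches_cert "$DEMO_DIR/client.pem" "$DEMO_DIR/client.key"
# Expected FAIL: a peer that trusts only a different CA cannot build the chain.
report "client cert chains to other CA" chains_to_ca "$DEMO_DIR/other.pem" "$DEMO_DIR/client.pem"
```

These checks cover only the PEM files on the OpenSSL side; which entries the Java keystore holds as trusted has to be inspected separately.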
