Dear all,

Using openssl (openssl 0.9.7), I have set up a CA and this CA has issued 2 certs - one for client and the other for the server. I have checked that these certificates are ok.
I am attempting to write an SSL client-server program.

SSL Server: Java. It has a keystore, which contains the server cert and the CA cert.

SSL Client: C. In the program, using appropriate openssl calls, I have added the client certificate, the private key and the CA cert to the context. Please see the code snippet.

    /* code snippet starts - all error handling removed for readability */
    SSLeay_add_ssl_algorithms();
    meth = SSLv3_client_method();
    SSL_load_error_strings();
    ctx = SSL_CTX_new(meth);
    err = SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM);
    err = SSL_CTX_use_PrivateKey_file(ctx, PvtKeyFile, SSL_FILETYPE_PEM);
    SSL_CTX_check_private_key(ctx);
    SSL_CTX_load_verify_locations(ctx, TrustedCACertFile, NULL);
    /* code snippet ends - all error handling removed for readability */

Initialization is successful, but the handshake fails. We first create a TCP socket and then "connect" as shown below. Then, we call SSL_connect, which fails with SSL_ERROR_SSL. At this point, the Java server outputs SSLException "No Trusted certificate".

    sd = socket(AF_INET, SOCK_STREAM, 0);
    int c = connect(sd, (struct sockaddr*) &host_id, sizeof(host_id));

    // By now, the SSL context is initialized and the TCP sockets are created.
    // Now, SSLize the TCP sockets.
    ssl = SSL_new(ctx);          // create SSL objects from the SSL context.
    r = SSL_set_fd(ssl, sd);     // Associate the network connection with the SSL object.
    int err = SSL_connect(ssl);  // Initiate the SSL handshake *********FAILS HERE ************
    if (err <= 0) {
        int errcode = SSL_get_error(ssl, err);
        switch (errcode) {
        /* other cases */
        case SSL_ERROR_SSL:
            LogMesg(logger, LOGFATAL, "SSL connect: Protocol Error.");
            break;
        }
    }

Can anyone please tell me what is happening?

Best regards,
Ambarish.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]