Re: some doubt about ssl programming

Tue, 13 Mar 2007 07:00:29 -0800 

Hi,

If you are using the certificates from the source code that is given at the 
mentioned link - looks like this source code was last touched on 10.01.2002 so 
I doubt that those certs are recent (and when I was testing them sometime in 
October 2006 they had expired). Another thing could be the self-signed 
certificates. I think you can solve that by simply loading the proper 
credentials in SSL_load_verify_locations(). Can you tell what error number do 
you get from SSL_get_verify_result() - this function returns always some value. 
This can be then checked in the man pages of verify(1) and you can see what is 
the problem.

Vladislav
  ----- Original Message ----- 
  From: Suchindra Chandrahas 
  To: openssl-users@openssl.org 
  Sent: Tuesday, March 13, 2007 2:18 PM
  Subject: Re: some doubt about ssl programming


  Part 1 and Part 2 are the PDFs that were given in openssl.org

  Well, the problem is still doubtful because  1. The server certificates are 
recent (not expired), and 2. But they are self signed certificates (this might 
be a problem !)

  Thanks for the replies 

  Regards,
  Suchindra Chandrahas

  Goetz Babin-Ebell <[EMAIL PROTECTED]> wrote:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Suchindra Chandrahas schrieb:
    > Hi All,
    Hi Suchindra,

    > Saw the part1 and part2. Trying to understand the stuff.
    > I got some client examples given there. I have downloaded "sclient".
    ???
    Which part1 and part2 ?

    > 
    > if(SSL_get_verify_result(ssl)!=X509_V_OK)
    > 39 berr_exit("Certificate doesn't verify");
    > 
    > 
    > 
    > Does this mean that the host's certificate is not a X509 certificate ?
    No it means that the verification of the X509 certificate verify
    functionality detewcted an error.

    Bye

    Goetz
    - --
    DMCA: The greed of the few outweights the freedom of the many
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFF9pAt2iGqZUF3qPYRAvd9AJ9k2c9NjYsACnPKqOdz1lWm68QPFQCeOunj
    vjW22hsEEL150sNcdpLTYFY=
    =o5nx
    -----END PGP SIGNATURE-----
    ______________________________________________________________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager [EMAIL PROTECTED]





------------------------------------------------------------------------------
  Need Mail bonding?
  Go to the Yahoo! Mail Q&A for great tips from Yahoo! Answers users.

Reply via email to