Hi all,
I try to check a server's certificate on the client like this, using an
operating system whose name contains an "o":
GC_SSL_Error retVal = GC_SSL_NO_ERROR;
X509* x509cert = SSL_get_peer_certificate(m_ssl_p);
if (x509cert != NULL)
{
//load cert
if(1 != SSL_CTX_load_verify_locations(m_ctx_p,
"C:\\openssl\\certs\\thawteCp.pem", NULL)) retVal = GC_SSL_CERT_LOAD_ERROR;
else {
// check cert
long certVerifyResult = SSL_get_verify_result(m_ssl_p);
// the only successful return code is X509_V_OK = 0
if((certVerifyResult != X509_V_OK) && (GC_SSL_NO_ERROR ==
retVal)) retVal = GC_SSL_CERT_VALID_ERROR;
}
X509_free(x509cert);
}
else retVal = GC_SSL_NO_PEER_CERT;
The problem is, that I receive always the retrun value "20"
(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY), when calling the
function SSL_CTX_load_verify_locations.
The certificate thawteCp.pem is located in the given path, the
certificate itself has been delivered by the openssl installation.
I really cannot imagine, what the problem is. Maybe anybody could give
me a hint?.
Thank you and bye
Christian
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
