To overcome this, in my get_by_subject lookup method, I'm returning the certificate whose subject when printed with X509_NAME_print_ex() matches with the one being asked for. Before returning however, I'm overwriting the subject and issuer fields by the queried subject. I know this is stupid, so I'll remove this once I figure out what's wrong.
However, after this, I got this:

2694546820:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
2694546820:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:699:
2694546820:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:184:
2694546820:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1059:

On Fri, Jan 21, 2011 at 3:50 PM, Karthik Ravikanti <karthik.ravika...@gmail.com> wrote:

> Can anybody help me with this?
>
> On Wed, Jan 19, 2011 at 10:42 AM, Karthik Ravikanti <karthik.ravika...@gmail.com> wrote:
>
>> I created a self signed certificate and used it to sign a server's
>> certificate. I put root in the client's store, using a custom X509_LOOKUP,
>> overriding the get_by_subject() method.
>> I see that I'm indeed returning the correct certificate in the return
>> object from get_by_subject() and also a return value of X509_LU_X509. I
>> also compared the issuer name of the server certificate and the subject name
>> of the root certificate by printing them using X509_NAME_print_ex().
>>
>> But what seems to be failing is X509_NAME_cmp(). I saw that the
>> canon_enclen's of the root and server were different by 12 bytes.
>>
>> To be clear, I'm getting the server certificate (which the server loads
>> from a PEM file) during the SSL handshake, while the root certificate was
>> loaded from a DER file.
>>
>> I'm also attaching the certificates in question. The password for the
>> Server.pem file is 'particle'.
>>
>> Any clues?
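
A field-by-field comparison of two DER-encoded X.509 names, as an alternative to comparing their printed form; this is an added example, not code from the original post or from OpenSSL. The function names are hypothetical and both sample names are constructed; in practice the inputs would be the DER bytes of the root's subject and the server certificate's issuer (for example as written by i2d_X509_NAME()).

```python
from itertools import zip_longest

STRING_TYPES = {0x0C: "UTF8String", 0x13: "PrintableString",
                0x14: "T61String", 0x16: "IA5String", 0x1E: "BMPString"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value

def decode_oid(body):
    # First byte packs the first two arcs; enough for 2.5.4.x and 1.2.840.x attribute OIDs.
    arcs, n = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        n = (n << 7) | (byte & 0x7F)
        if not byte & 0x80:                # high bit clear ends this arc
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def parse_name(der):
    """Flatten a Name into [(attribute OID, ASN.1 string type, raw value bytes), ...]."""
    tag, rdns, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    out = []
    for _, rdn in children(rdns):          # each RDN is a SET ...
        for _, atv in children(rdn):       # ... of AttributeTypeAndValue SEQUENCEs
            (_, oid), (vtag, value) = children(atv)
            out.append((decode_oid(oid), STRING_TYPES.get(vtag, hex(vtag)), value))
    return out

def diff_names(der_a, der_b):
    """Return [(position, attr_in_a, attr_in_b)] wherever the names differ; None = missing."""
    pairs = zip_longest(parse_name(der_a), parse_name(der_b))
    return [(i, a, b) for i, (a, b) in enumerate(pairs) if a != b]

# Constructed samples: O=Example, CN=Test Root; the second has a UTF8String O and an extra OU=Lab.
ROOT_SUBJECT = bytes.fromhex("3026 3110300e 060355040a 1307 4578616d706c65"
                             " 3112 3010 0603550403 1309 5465737420526f6f74")
SERVER_ISSUER = bytes.fromhex("3034 3110300e 060355040a 0c07 4578616d706c65 3112 3010"
                              " 0603550403 1309 5465737420526f6f74 310c300a 060355040b 1303 4c6162")
```
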