You mention that: Server loads its server certificate and private key (self-signed by a CA that I created). I would like to clarify: is the server cert a self-signed cert, or is the CA cert a self-signed cert?

If the server cert is a self-signed cert, the server is actually the CA, in which case the client needs the server's self-signed cert. If the server cert is not a self-signed cert, make sure that the CA self-signed cert can verify the server cert. You can use the openssl verify CLI to do this. If you can, then give the CA cert to the client.

If I remember correctly, when you set the verify peer to none, the server does not do cert-based auth on the client. However, the TLS spec specifies that the client must do cert-based auth on the server, so the server must send the client its cert.

Hopefully, my reply makes sense.

On Wed, Jul 27, 2011 at 3:52 PM, <[email protected]> wrote:
> I need some help.
>
> I am basically stuck and don't know how to fix the handshake and must be
> missing something.
> Perhaps it is something with the certificates.
>
> I have a server certificate/privatekey and a CA certificate.
>
> Server loads its server certificate and private key (self-signed by a CA
> that I created).
> The client loads the CA certificate.
>
> Using memory buffers and blocking IO.
>
> I begin the handshake by the client initiating hello message.
> The server reads message, and data is put in its ssl output. This is sent
> back to client.
> The client reads the data (SSL_read) and data is populated in the ssl
> output. This is sent back to the server. (it is waiting for more input from
> server)
> The server reads the data (SSL_read) and nothing is generated in out....but
> it is waiting for more information from client.
>
> Basically I am at a stalemate now.
> What information am I missing?
> When I go and look at what state the client is in it says it is
> UNKWN..........what does this imply????
>
> Do I need a client certificate even though I have programmed the server to
> be a VERIFY_PEER_NONE?
>
> Does anybody have any references/books I can go get to help me with this
> issue.......I am completely lost and confused.
>
> Note: I am currently working on windows.
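The `openssl verify` check suggested in the reply, as an added example that is not part of the original thread: it builds a throwaway CA, a server cert signed by that CA, and a self-signed server cert, then tests which trust file a client would need for each. All file names and subject names are constructed for the demo, and a default `openssl.cnf` is assumed to be installed.

```shell
#!/bin/sh
# Added example: file names and CNs below are constructed, not from the thread.

make_demo_pki() {
    # $1 = scratch directory. Produces:
    #   ca.pem         self-signed CA certificate
    #   server.pem     server certificate issued by that CA
    #   selfsigned.pem server certificate that is its own issuer
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-server" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.pem" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-server" \
        -keyout "$dir/selfsigned.key" -out "$dir/selfsigned.pem" 2>/dev/null || return 1
}

chain_ok() {
    # $1 = trust file the client loads, $2 = certificate the server presents.
    # Exit status 0 means the client could build a chain to its trust anchor.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

report() {
    # Same check as chain_ok, with a readable verdict for the console.
    if chain_ok "$1" "$2"; then
        echo "client trusting $(basename "$1") ACCEPTS $(basename "$2")"
    else
        echo "client trusting $(basename "$1") REJECTS $(basename "$2")"
    fi
}

work=$(mktemp -d) && make_demo_pki "$work" && {
    # CA-signed server cert: the client needs only the CA cert.
    report "$work/ca.pem" "$work/server.pem"
    # Self-signed server cert: the CA cert is useless to the client...
    report "$work/ca.pem" "$work/selfsigned.pem"
    # ...the client must load the server's own cert as its trust anchor.
    report "$work/selfsigned.pem" "$work/selfsigned.pem"
}
rm -rf "$work"
```

Running the same `openssl verify -CAfile` command against the real CA and server files shows whether a stalled handshake is a trust problem before any BIO code is debugged.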
