SSL_get_verify_result returns X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY (20)
Hi all, I try to check a server's certificate on the client like this, using an operating system whose name contains an o: GC_SSL_Error retVal = GC_SSL_NO_ERROR; X509* x509cert = SSL_get_peer_certificate(m_ssl_p); if (x509cert != NULL) { //load cert if(1 != SSL_CTX_load_verify_locations(m_ctx_p, C:\\openssl\\certs\\thawteCp.pem, NULL)) retVal = GC_SSL_CERT_LOAD_ERROR; else { // check cert long certVerifyResult = SSL_get_verify_result(m_ssl_p); // the only successful return code is X509_V_OK = 0 if((certVerifyResult != X509_V_OK) (GC_SSL_NO_ERROR == retVal)) retVal = GC_SSL_CERT_VALID_ERROR; } X509_free(x509cert); } else retVal = GC_SSL_NO_PEER_CERT; The problem is, that I receive always the retrun value 20 (X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY), when calling the function SSL_CTX_load_verify_locations. The certificate thawteCp.pem is located in the given path, the certificate itself has been delivered by the openssl installation. I really cannot imagine, what the problem is. Maybe anybody could give me a hint?. Thank you and bye Christian __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: SSL_get_verify_result returns X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY (20)
The load verify location has to be done before you make the connection. Christian Graf wrote: Hi all, I try to check a server's certificate on the client like this, using an operating system whose name contains an o: GC_SSL_Error retVal = GC_SSL_NO_ERROR; X509* x509cert = SSL_get_peer_certificate(m_ssl_p); if (x509cert != NULL) { //load cert if(1 != SSL_CTX_load_verify_locations(m_ctx_p, C:\\openssl\\certs\\thawteCp.pem, NULL)) retVal = GC_SSL_CERT_LOAD_ERROR; else { // check cert long certVerifyResult = SSL_get_verify_result(m_ssl_p); // the only successful return code is X509_V_OK = 0 if((certVerifyResult != X509_V_OK) (GC_SSL_NO_ERROR == retVal)) retVal = GC_SSL_CERT_VALID_ERROR; } X509_free(x509cert); } else retVal = GC_SSL_NO_PEER_CERT; The problem is, that I receive always the retrun value 20 (X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY), when calling the function SSL_CTX_load_verify_locations. The certificate thawteCp.pem is located in the given path, the certificate itself has been delivered by the openssl installation. I really cannot imagine, what the problem is. Maybe anybody could give me a hint?. Thank you and bye Christian __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature