Hi
Our's is a Proxy Server SSL enabled multithreaded application.
We are running on solaris operating system.
we are using OpenSSL library [ openssl-0.9.6 ]
we have serverCA and root CA certificate at the Proxy server application.
our application dumps in "ssl_connect" during certificate chain
verification.
Here the Certificate chain is Root CA---> ServerCA ----- server
What all certficates do we need at the proxy server application to validate
the above certificate chain.
The gdb traces are as follows.
#0 0x0039d424 in X509_NAME_cmp (a=0x14291d0, b=0x1404c18) at
x509_cmp.c:173
173 j=na->value->length-nb->value->length;
(gdb) bt
#0 0x0039d424 in X509_NAME_cmp (a=0x14291d0, b=0x1404c18) at
x509_cmp.c:173
#1 0x003b14fc in X509_check_issued (issuer=0x7a5fb8, subject=0x6bbea8) at
v3_purp.c:528
#2 0x0039eca0 in check_issued (ctx=0xfe8075d8, x=0x6bbea8,
issuer=0x7a5fb8) at x509_vfy.c:339
#3 0x003a2728 in X509_STORE_CTX_get1_issuer (issuer=0xfe807560,
ctx=0xfe8075d8, x=0x6bbea8) at x509_lu.c:500
#4 0x0039e87c in X509_verify_cert (ctx=0xfe8075d8) at x509_vfy.c:243
#5 0x00355e64 in ssl_verify_cert_chain (s=0x8a2498, sk=0x5ae238) at
ssl_cert.c:472
#6 0x00364218 in ssl3_get_server_certificate (s=0x8a2498) at s3_clnt.c:832
#7 0x0036298c in ssl3_connect (s=0x8a2498) at s3_clnt.c:268
#8 0x00350fe0 in SSL_connect (s=0x8a2498) at ssl_lib.c:718
#9 0x000cc4a0 in Sdf_cl_NetworkManager::sslConnect (this=0x5f5c50,
pConnMapElem=0x1a46c20, pErr=0xfe807b30)
at source/networkmanager/src/sdftlsnetwork.cpp:1565
#10 0x000cb4b8 in Sdf_cl_NetworkManager::tlsSelectThread (this=0x5f5c50)
at source/networkmanager/src/sdftlsnetwork.cpp:1015
#11 0x000c9ed0 in Sdf_fn_startTlsSelectThread (pParam=0x5f5c50)
at source/networkmanager/src/sdftlsnetwork.cpp:199
Current language: auto; currently c
Can anyone help us in figuring out the problem. (reason for core dump).
Thanks in Advance
Ajay Kumar
This message is proprietary to Hughes Software Systems Limited (HSS) and is
intended solely for the use of the individual to whom it is addressed. It
may contain privileged or confidential information and should not be
circulated or used for any purpose other than for what it is intended. If
you have received this message in error, please notify the originator
immediately. If you are not the intended recipient, you are notified that
you are strictly prohibited from using, copying, altering, or disclosing
the contents of this message. HSS accepts no responsibility for loss or
damage arising from the use of the information transmitted by this email
including damage from virus.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
