SSL_get_verify_result

Thu, 29 Mar 2007 15:20:54 -0800 

I need some help with SSL_get_verify_result errors.
I use WindowsXP, Visual C++, OpenSll 0.9.8d

this is my example program:

----------------------------------------------------------------------------------------------------

#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
   BIO * bio;
   SSL * ssl;
   SSL_CTX * ctx;

   int p;

   char * request = "GET /...";

   char r[1024];

SSL_library_init();
   /* Set up the library */

   ERR_load_BIO_strings();
   SSL_load_error_strings();
   OpenSSL_add_all_algorithms();

   /* Set up the SSL context */

   ctx = SSL_CTX_new(SSLv23_client_method());

   /* Load the trust store */
if(! SSL_CTX_load_verify_locations(ctx, "TrustStore.pem", "C:\build\openssl-0.9.8d\certs")) 
   {
       fprintf(stderr, "Error loading trust store\n");
       ERR_print_errors_fp(stderr);
       SSL_CTX_free(ctx);
       return 0;
   }
   /* Setup the connection */

   bio = BIO_new_ssl_connect(ctx);

   /* Set the SSL_MODE_AUTO_RETRY flag */

   BIO_get_ssl(bio, & ssl);
   SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);

   /* Create and setup the connection */

   BIO_set_conn_hostname(bio, "the host I use:https");

   if(BIO_do_connect(bio) <= 0)
   {
       fprintf(stderr, "Error attempting to connect\n");
       ERR_print_errors_fp(stderr);
       BIO_free_all(bio);
       SSL_CTX_free(ctx);
       return 0;
   }

   /* Check the certificate */

   if(SSL_get_verify_result(ssl) != X509_V_OK)
   {
fprintf(stderr, "Certificate verification error: %i\n", SSL_get_verify_result(ssl)); 
       BIO_free_all(bio);
       SSL_CTX_free(ctx);
       return 0;
   }

   /* Send the request */

   BIO_write(bio, request, strlen(request));

   /* Read in the response */

   for(;;)
   {
       p = BIO_read(bio, r, 1023);
       if(p <= 0) break;
       r[p] = 0;
       printf("%s", r);
   }

   /* Close the connection and free the context */

   BIO_free_all(bio);
   SSL_CTX_free(ctx);
   return 0;
}

----------------------------------------------------------------------------------------------------

I am trying to connect to two diferent hosts... and i get diferent errors:
from the first: "Certificate verification error: 19"
the second: "Certificate verification error: 20"

I am using the same TrustStore.pem for both of them...
but I can connect without a problem to for example: www.verisign.com
I dont have experience on SSL, so please, answer me saying specifics things to follow.
Maria 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to