Problems with client-side certificate verification

2006-05-03 Thread openssl
Hi, everybody. I'm currently trying to implement a server/client system where the server will only accept connections from clients whose certificate was signed by the server's CA. For security reasons, the client also does verification. When I use s_server, the client-side verification works.

Re: Problems with client-side certificate verification

2006-05-03 Thread openssl
[EMAIL PROTECTED] wrote:
11041:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1052:SSL alert number 42
11041:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:
I forgot to include the fact that when I use s_client with my

Re: Problems with client-side certificate verification

2006-05-03 Thread Perry L. Jones
If set to 0 it will verify the whole cert chain of any length. root - CA1 - CA2 - EE If set to a number greater than 0 it will verify only chains of that length or less. If the cert chain is greater than the given number validation will fail. In the case below I would think that it would

Re: Problems with client-side certificate verification

2006-05-03 Thread Perry L. Jones
maybe you have not added the extra CA/root certs to the CTX?
SSL_CTX_add_extra_chain_cert( ctx, x509Cert )
Perry
[EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
11041:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1052:SSL alert number 42

Re: Problems with client-side certificate verification

2006-05-03 Thread openssl
Perry L. Jones wrote:
maybe you have not added the extra CA/root certs to the CTX?
SSL_CTX_add_extra_chain_cert( ctx, x509Cert )
Perry
Thanks. It's passing the certificate now, however, when I set the verification depth to 0 on the server end, the client still fails with the message