SSL_get_verify_result returns X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY (20)

2007-05-04 Thread Christian Graf

Hi all,

I try to check a server's certificate on the client like this, using an
operating system whose name contains an o:

  GC_SSL_Error retVal = GC_SSL_NO_ERROR;

  X509* x509cert = SSL_get_peer_certificate(m_ssl_p);

  if (x509cert != NULL)
  {
  //load cert
if(1 != SSL_CTX_load_verify_locations(m_ctx_p,
C:\\openssl\\certs\\thawteCp.pem, NULL)) retVal =  GC_SSL_CERT_LOAD_ERROR;
else {
  // check cert
  long certVerifyResult = SSL_get_verify_result(m_ssl_p);
  // the only successful return code is X509_V_OK = 0
  if((certVerifyResult != X509_V_OK)  (GC_SSL_NO_ERROR ==
retVal)) retVal = GC_SSL_CERT_VALID_ERROR;
}

X509_free(x509cert);
  }
  else retVal = GC_SSL_NO_PEER_CERT;


The problem is, that I receive always the retrun value 20
(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY), when calling the
function SSL_CTX_load_verify_locations.
The certificate thawteCp.pem is located in the given path, the
certificate itself has been delivered by the openssl installation.

I really cannot imagine, what the problem is. Maybe anybody could give
me a hint?.

Thank you and bye

Christian
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: SSL_get_verify_result returns X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY (20)

2007-05-04 Thread Peter Sylvester


The load verify location has to be done before you make the connection.


Christian Graf wrote:

Hi all,

I try to check a server's certificate on the client like this, using an
operating system whose name contains an o:

  GC_SSL_Error retVal = GC_SSL_NO_ERROR;

  X509* x509cert = SSL_get_peer_certificate(m_ssl_p);

  if (x509cert != NULL)
  {
  //load cert
if(1 != SSL_CTX_load_verify_locations(m_ctx_p,
C:\\openssl\\certs\\thawteCp.pem, NULL)) retVal =  
GC_SSL_CERT_LOAD_ERROR;

else {
  // check cert
  long certVerifyResult = SSL_get_verify_result(m_ssl_p);
  // the only successful return code is X509_V_OK = 0
  if((certVerifyResult != X509_V_OK)  (GC_SSL_NO_ERROR ==
retVal)) retVal = GC_SSL_CERT_VALID_ERROR;
}

X509_free(x509cert);
  }
  else retVal = GC_SSL_NO_PEER_CERT;


The problem is, that I receive always the retrun value 20
(X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY), when calling the
function SSL_CTX_load_verify_locations.
The certificate thawteCp.pem is located in the given path, the
certificate itself has been delivered by the openssl installation.

I really cannot imagine, what the problem is. Maybe anybody could give
me a hint?.

Thank you and bye

Christian
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]





smime.p7s
Description: S/MIME Cryptographic Signature