I have written a server and client using the openSSL api
for security. And my problem comes when i want to verify the certificate
at the client side.
This function verifies the the certificate, and the function returnsCode:if(SSL_get_verify_result(ssl)!=X509_V_OK) berr_exit("Certificate doesn't verify");
with the error message showed.
But I don't know why the certificate does'nt verify.
On the server I use the certificate & private key that i created with
the openssl command tool.
the code for using the certifcate is:
the certificate was created like thisCode:// set the locale certificate from cerfile if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) <= 0) { fprintf(stderr, "error cert\n"); ERR_print_errors_fp(stderr); abort(); } // set the private key from keyfile if (SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM) <= 0) { fprintf(stderr, "error key\n"); ERR_print_errors_fp(stderr); abort(); } // verify private key if (!SSL_CTX_check_private_key(ctx)) { fprintf(stderr, "Private key does not math the public certificate\n"); abort(); }
// private key
openssl genrsa -des3 -out server.key 1024
// csr
openssl req -new -days 365 -key server.key -out server.csr
// CA
openssl genrsa -des3 -out ca.key 1024
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
./sign server.csr
------------------------------
i dont know where the error can be.
anyone have any ideas?
