I have written a server and client using the OpenSSL API
for security. My problem comes when I want to verify the certificate
on the client side.
Code:
if (SSL_get_verify_result(ssl) != X509_V_OK)
    berr_exit("Certificate doesn't verify");
This function verifies the certificate, and the function returns
with the error message shown.
But I don't know why the certificate doesn't verify.
On the server I use the certificate & private key that I created with
the openssl command tool.
The code for using the certificate is:
Code:
// set the local certificate from certfile
if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) <= 0)
{
    fprintf(stderr, "error cert\n");
    ERR_print_errors_fp(stderr);
    abort();
}
// set the private key from keyfile
if (SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM) <= 0)
{
    fprintf(stderr, "error key\n");
    ERR_print_errors_fp(stderr);
    abort();
}
// verify private key
if (!SSL_CTX_check_private_key(ctx))
{
    fprintf(stderr, "Private key does not match the public certificate\n");
    abort();
}
The certificate was created like this:
# private key
openssl genrsa -des3 -out server.key 1024
# CSR
openssl req -new -days 365 -key server.key -out server.csr
# CA
openssl genrsa -des3 -out ca.key 1024
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
./sign server.csr
------------------------------
I don't know where the error can be.
Anyone have any ideas?
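
One way to narrow this down outside the program, as an added example that is not part of the original post: rebuild the same CA, CSR and signed certificate sequence with the openssl tool, then compare openssl verify with and without ca.crt as the trust anchor. Assumptions: the openssl x509 -req step stands in for the post's ./sign script, whose contents are not shown, and the temp directory, req.cnf, subject names and 2048-bit unencrypted keys are constructed for the demo.

```shell
#!/bin/sh
# Added example: every file, name and key below is constructed for the demo.

# make_chain DIR: build a throwaway CA and a server certificate signed by it.
make_chain() {
    (
        cd "$1" || exit 1
        # Minimal config so the run does not depend on a system openssl.cnf.
        cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
        # 2048-bit keys without a passphrase, so nothing prompts
        # (the post uses 1024-bit keys protected with -des3).
        openssl genrsa -out ca.key 2048 2>/dev/null &&
        openssl req -new -x509 -days 365 -config req.cnf \
            -subj "/CN=Constructed Test CA" -key ca.key -out ca.crt &&
        openssl genrsa -out server.key 2048 2>/dev/null &&
        openssl req -new -config req.cnf -subj "/CN=server.example" \
            -key server.key -out server.csr &&
        # Stand-in for the post's ./sign script (its contents are not shown).
        openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -out server.crt 2>/dev/null
    )
}

# verify_leaf DIR [CAFILE]: print openssl's verdict on DIR/server.crt.
verify_leaf() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1/server.crt" 2>&1
    else
        openssl verify "$1/server.crt" 2>&1   # CA not in the trust store
    fi
}

# Run the comparison with: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_chain "$d" || exit 1
    echo "without ca.crt: $(verify_leaf "$d")"
    echo "with ca.crt:    $(verify_leaf "$d" "$d/ca.crt")"
    rm -rf "$d"
fi
```

In the client program, X509_verify_cert_error_string(SSL_get_verify_result(ssl)) returns the same reason text that openssl verify prints here.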