-
SSL sockets
I have written a server and client using the OpenSSL API
for security. And my problem comes when I want to verify the certificate
at the client side.
Code:
if (SSL_get_verify_result(ssl) != X509_V_OK)
    berr_exit("Certificate doesn't verify");
This function verifies the certificate, and the function returns
with the error message shown.
But I don't know why the certificate doesn't verify.
On the server I use the certificate & private key that I created with
the openssl command tool.
The code for using the certificate is:
Code:
// set the local certificate from certfile
if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) <= 0)
{
    fprintf(stderr, "error cert\n");
    ERR_print_errors_fp(stderr);
    abort();
}
// set the private key from keyfile
if (SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM) <= 0)
{
    fprintf(stderr, "error key\n");
    ERR_print_errors_fp(stderr);
    abort();
}
// verify that the private key matches the certificate
if (!SSL_CTX_check_private_key(ctx))
{
    fprintf(stderr, "Private key does not match the public certificate\n");
    abort();
}
The certificate was created like this:
// private key
openssl genrsa -des3 -out server.key 1024
// csr
openssl req -new -days 365 -key server.key -out server.csr
// CA
openssl genrsa -des3 -out ca.key 1024
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
./sign server.csr
------------------------------
I don't know where the error can be.
Anyone have any ideas?
-
Try the server side, make sure they both have the same formats. See if you can isolate the exact area of the code it is on. Look for examples on the web similar to your code.
http://www.google.com/search?q=SSL+S...mming+on+Linux
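
Added example (not part of the thread and not the poster's code): one way to isolate the problem is to check the certificate chain offline with `openssl verify` before looking at the socket code. The script builds a constructed test PKI and shows that the server certificate verifies only against the CA that signed it. Assumptions: the CA and server names are sample values, keys are unencrypted 2048-bit RSA so the script runs non-interactively, and `openssl x509 -req` stands in for the `./sign` script.

```shell
#!/bin/sh
# Constructed test PKI; subjects and file names are sample values.

# make_ca DIR NAME: key plus self-signed certificate for a test CA.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_server_cert DIR CA: server key, CSR, and a certificate signed by CA
# (the x509 -req call is an assumed stand-in for the ./sign script).
make_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 365 -CAcreateserial \
        -CA "$1/$2.crt" -CAkey "$1/$2.key" -out "$1/server.crt" 2>/dev/null
}

# chain_status TRUST_ANCHOR CERT: prints "trusted" if CERT chains to
# TRUST_ANCHOR, otherwise "untrusted".
chain_status() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" signing-ca && make_ca "$d" other-ca &&
        make_server_cert "$d" signing-ca || { rm -rf "$d"; return 1; }
    # Verifier trusts the CA that signed the server certificate.
    echo "signing-ca: $(chain_status "$d/signing-ca.crt" "$d/server.crt")"
    # Verifier trusts a different CA: the failing case.
    echo "other-ca:   $(chain_status "$d/other-ca.crt" "$d/server.crt")"
    # Print the reason text that the failing case produces.
    openssl verify -CAfile "$d/other-ca.crt" "$d/server.crt" 2>&1 | grep -i error
    rm -rf "$d"
}

demo
```

In the client, the counterpart of `-CAfile` is the CA file passed to `SSL_CTX_load_verify_locations()`, and `X509_verify_cert_error_string(SSL_get_verify_result(ssl))` returns the reason text for a failed verification.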