Rahul

Reputation: 21

SSL Certificate verification fails: Using OpenSSL

I am using this code:

void check_cert(SSL* ssl)
{
    //ssl initiation
    SSL_library_init();
    SSL_load_error_strings();
    const SSL_METHOD *meth;
    meth = SSLv3_method();
    SSL_CTX *ctx;
    SSL *_ssl;
    ctx = SSL_CTX_new(meth);
    int result = 0;

    //getting the CA certificate
    result = SSL_CTX_load_verify_locations(ctx1, "cacert.pem", NULL);
    //result = SSL_CTX_load_verify_locations(ctx, NULL, "/home/cdac/Desktop/test/cert");
    printf("\nCA load result = %d", result);

    //_ssl = SSL_new(ctx);
    SSL_CTX_set_verify(ctx1, SSL_VERIFY_PEER, NULL);

    SSL_CTX_set_verify_depth(ctx1, 1);
    int result_long = SSL_get_verify_result(ssl);
    printf("\nCertificate Check Result: %d", result_long);
    if (SSL_get_verify_result(ssl) != X509_V_OK)
    {
        printf("\nCertiticate Verification Failed\n");
        //exit(1);
    }
    else
    {
        printf("\nCertiticate Verification Succeeded");
    }
}

cacert.pem is the CA certificate. When I execute this, I get this:

CA load result = 1
Certificate Check Result: 20
Certiticate Verification Failed

Code 20 means:

X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate

the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found.

So can anyone help me? Where does this fail?

The CA certificate is loading fine. (The load result returns 1).

Upvotes: 2

Views: 1547

Answers (1)

Jay

Reputation: 24895

This can happen if you are getting a Root CA from the peer side and that Root CA is not loaded on your side.

Upvotes: 1
