[openssl-users] Certificate verification failure

Yan, Bob BYan at visa.com
Fri Jan 29 18:40:45 UTC 2016


Dear Sir/Madam,

I have an application which is acting as an SSL server. When the application loads the root and intermediate CA files from a CA path, the handshake between my application and the openssl client failed at the point when my application was authenticating the client's certificate. But when I bound the root CA and intermediate CA into a single PEM file and reloaded it from my application, the handshake was successful. Could anybody help me resolve this issue? Below is a sample of my application code for loading the CA certificates:

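/* Trust anchors: caFile is a single PEM bundle, caPath is a directory of CA certificates. */
if (SSL_CTX_load_verify_locations(ctx, caFile, caPath) != 1) {
    exit(EXIT_FAILURE);
}
/* Also add the library's default CA file and directory. */
if (SSL_CTX_set_default_verify_paths(ctx) != 1) {
    exit(EXIT_FAILURE);
}
/* The server's own certificate chain and private key. */
if (SSL_CTX_use_certificate_chain_file(ctx, certFile) != 1) {
    exit(EXIT_FAILURE);
}
if (SSL_CTX_use_PrivateKey_file(ctx, keyFile, SSL_FILETYPE_PEM) != 1) {
    exit(EXIT_FAILURE);
}
/* Require a client certificate and verify it up to chainDepths. */
SSL_CTX_set_verify_depth(ctx, chainDepths);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, callback);
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);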

Thank you very much!
Bob
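
The caFile argument of SSL_CTX_load_verify_locations is read as one PEM bundle, while certificates in a caPath directory are looked up by subject-name hash file names of the form `<8 hex digits>.<n>`, which `c_rehash` or `openssl rehash` creates. The check below is an added example, not code from the original post; it reports how many entries of a directory have that name form, and the function names `is_hash_name` and `count_hash_entries` are chosen here for illustration.

```c
/* Added example: count the entries of a CApath directory whose names have
 * the <hash>.<n> form that OpenSSL's directory lookup uses. */
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* 1 if name is 8 lowercase hex digits, '.', then one or more decimal digits. */
int is_hash_name(const char *name)
{
    size_t i;
    if (strlen(name) < 10 || name[8] != '.')
        return 0;
    for (i = 0; i < 8; i++)
        if (!isdigit((unsigned char)name[i]) && !(name[i] >= 'a' && name[i] <= 'f'))
            return 0;
    for (i = 9; name[i] != '\0'; i++)
        if (!isdigit((unsigned char)name[i]))
            return 0;           /* e.g. "<hash>.r0" is a CRL, not a certificate */
    return 1;
}

/* Returns the number of hash-named entries in dir, or -1 if dir cannot be
 * opened; *other receives the count of the remaining non-hidden entries. */
int count_hash_entries(const char *dir, int *other)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    int hashed = 0;
    *other = 0;
    if (d == NULL)
        return -1;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.')
            continue;           /* skip ".", ".." and hidden files */
        if (is_hash_name(e->d_name))
            hashed++;
        else
            (*other)++;
    }
    closedir(d);
    return hashed;
}

int main(int argc, char **argv)
{
    int other, hashed;
    if (argc != 2) { fprintf(stderr, "usage: %s <caPath>\n", argv[0]); return 2; }
    hashed = count_hash_entries(argv[1], &other);
    if (hashed < 0) { perror(argv[1]); return 2; }
    printf("%d hash-named entries, %d other entries\n", hashed, other);
    return hashed > 0 ? 0 : 1;
}
```

A directory that holds only files such as `root-ca.pem` yields zero hash-named entries, so nothing in it is found by the directory lookup.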
