[openssl-users] SSL alert number 48

Jan Just Keijser janjust at nikhef.nl
Wed Nov 29 08:56:35 UTC 2017


Hi,

On 28/11/17 11:03, wizard2010 at gmail.com wrote:
> Hi there.
>
> I guess my problem is really related to the verify callback on the SSL_CTX_set_verify function.
> I just added to my code a dummy callback returning 1 and everything works properly.
>
>
>     int verify_callback (int ok, X509_STORE_CTX *ctx);
>     int verify_callback (int ok, X509_STORE_CTX *ctx)
>     {
>         printf("Verification callback OK!\n");
>         return 1;
>     }
>     ...
>     SSL_CTX_set_verify(ssl_server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, dtls_verify_callback);
>     ...
>
>
> The problem is that the error doesn't give much information about what's really going on or what's really missing.
> Thanks for your help.
>
Now you've effectively disabled all security :)

Try adding this to the verify_callback


static int verify_callback(int ok, X509_STORE_CTX *ctx)
{
     X509           *cert = NULL;
     char           *cert_DN = NULL;

     printf("ok = %d\n", ok);
     cert    = X509_STORE_CTX_get_current_cert(ctx);
     cert_DN = X509_NAME_oneline( X509_get_subject_name( cert ), NULL, 0 );
     printf( "cert DN: %s\n", cert_DN);
     OPENSSL_free(cert_DN);   /* X509_NAME_oneline allocated the string */

     return ok;               /* keep OpenSSL's verdict; the callback only logs */
}


that way, you will know whether your server is processing the right certificate chain.

HTH,

JJK
