<div dir="ltr">Hi there.<div><br></div><div>I guess my problem is really related to <span style="font-size:12.8px">verify callback on SSL_CTX_set_verify function.</span></div><div><span style="font-size:12.8px">I just add to my code a dummy callback returning 1 and everything works properly.</span><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div><div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote"><span style="font-size:12.8px"><br></span><span style="font-size:12.8px">int verify_callback (int ok, X509_STORE_CTX *ctx);</span><br><span style="font-size:12.8px">int verify_callback (int ok, X509_STORE_CTX *ctx)<br></span><span style="font-size:12.8px">{<br></span><span style="font-size:12.8px"> printf("Verification callback OK!\n");<br></span><span style="font-size:12.8px"> return 1;<br></span><span style="font-size:12.8px">}</span><span style="font-size:12.8px"><br></span>...<br><span style="font-size:12.8px">SSL_CTX_set_verify(ssl_server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, dtls_verify_callback);<br></span>...</blockquote></div><div style="font-size:12.8px"><br></div><div>The problem is that error don't tell much information about what's really going on or what's really missing.</div><div>Thanks for your help.</div><div><br></div><div>Kind regards.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Nov 28, 2017 at 9:11 AM, Jan Just Keijser <span dir="ltr"><<a href="mailto:janjust@nikhef.nl" target="_blank">janjust@nikhef.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_7768904368257036042moz-cite-prefix">Hi,<span class=""><br>
<br>
On 27/11/17 17:07, <a class="m_7768904368257036042moz-txt-link-abbreviated" href="mailto:wizard2010@gmail.com" target="_blank">wizard2010@gmail.com</a> wrote:<br>
</span></div><span class="">
<blockquote type="cite">
<div dir="ltr">Hi there.
<div><br>
</div>
<div>I'm getting this error on a TLS server&client that I'm
implementing and I can't really understand what I'm doing
wrong.<br>
</div>
<div><br>
</div>
<div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">139853560931992:error:<wbr>14094418:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown
ca:s3_pkt.c:1487:SSL alert number 48<br>
139853560931992:error:<wbr>140790E5:SSL routines:ssl23_write:ssl
handshake failure:s23_lib.c:177:</blockquote>
</div>
<div><br>
</div>
<div>This is the code of my server: <a href="https://pastebin.com/Fyuki8v0" target="_blank">https://pastebin.com/Fyuki8v0</a>
and I generate the certificates this way: <a href="https://pastebin.com/CDRKU2Gc" target="_blank">https://pastebin.com/CDRKU2Gc</a><br>
</div>
<div>And I'm testing the server this way: openssl s_client -host
127.0.0.1 -port 4444 -cert client.crt -key client.key -CAfile
ca.crt<br>
</div>
<div><br>
</div>
<div>If I run a server this way openssl s_server -key server.key
-cert server.crt -CAfile ca.crt -accept 4444<br>
</div>
<div>I'm able to communicate with the same certificates and on
my server code I always get:</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Handshake
Error 1<br>
SSL_ERROR_SSL...</blockquote>
<div> </div>
<div>This is the result of openssl s_client command: <a href="https://pastebin.com/AWid1mxi" target="_blank">https://pastebin.com/AWid1mxi</a><br>
</div>
<br>
</div>
</blockquote></span>
FWIW: I've downloaded and compiled your code, generated certs using
your script (which generates a client and server cert with the same
serial number, BTW) and ran the code: I can connect just fine using
either openssl 1.0.1e or 1.1.0e<br>
<br>
My bet is that when you run your code you are not loading the right
ca.crt file ; another way to debug is , is to add a x509 verify
callback which prints out each cert as it is passed for
verification.<br>
<br>
HTH,<br>
<br>
JJK<br>
<br>
</div>
</blockquote></div><br></div>