<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi,<br>
<br>
On 27/11/17 17:07, <a class="moz-txt-link-abbreviated" href="mailto:wizard2010@gmail.com">wizard2010@gmail.com</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAEAeT_imeOGKfyrHjPbFeDfh-fdEDpGribdUnfavyVbHV7QyjQ@mail.gmail.com">
<div dir="ltr">Hi there.
<div><br>
</div>
<div>I'm getting this error on a TLS server&client that I'm
implementing and I can't really understand what I'm doing
wrong.<br>
</div>
<div><br>
</div>
<div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">139853560931992:error:14094418:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown
ca:s3_pkt.c:1487:SSL alert number 48<br>
139853560931992:error:140790E5:SSL routines:ssl23_write:ssl
handshake failure:s23_lib.c:177:</blockquote>
</div>
<div><br>
</div>
<div>This is the code of my server: <a
href="https://pastebin.com/Fyuki8v0" moz-do-not-send="true">https://pastebin.com/Fyuki8v0</a>
and I generate the certificates this way: <a
href="https://pastebin.com/CDRKU2Gc" moz-do-not-send="true">https://pastebin.com/CDRKU2Gc</a><br>
</div>
<div>And I'm testing the server this way: openssl s_client -host
127.0.0.1 -port 4444 -cert client.crt -key client.key -CAfile
ca.crt<br>
</div>
<div><br>
</div>
<div>If I run a server this way openssl s_server -key server.key
-cert server.crt -CAfile ca.crt -accept 4444<br>
</div>
<div>I'm able to communicate with the same certificates and on
my server code I always get:</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Handshake
Error 1<br>
SSL_ERROR_SSL...</blockquote>
<div> </div>
<div>This is the result of openssl s_client command: <a
href="https://pastebin.com/AWid1mxi" moz-do-not-send="true">https://pastebin.com/AWid1mxi</a><br>
</div>
<br>
</div>
</blockquote>
FWIW: I've downloaded and compiled your code, generated certs using
your script (which generates a client and server cert with the same
serial number, BTW) and ran the code: I can connect just fine using
either openssl 1.0.1e or 1.1.0e<br>
<br>
My bet is that when you run your code you are not loading the right
ca.crt file; another way to debug is to add an x509 verify
callback which prints out each cert as it is passed for
verification.<br>
<br>
HTH,<br>
<br>
JJK<br>
<br>
</body>
</html>