<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 29, 2017 at 1:54 PM, Viktor Dukhovni <span dir="ltr"><<a href="mailto:openssl-users@dukhovni.org" target="_blank">openssl-users@dukhovni.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">On Wed, Nov 29, 2017 at 09:56:35AM +0100, Jan Just Keijser wrote:<br>
<br>
> Try adding this to the verify_callback<br>
><br>
><br>
> static int verify_callback(int ok, X509_STORE_CTX *ctx)<br>
> {<br>
> X509 *cert = NULL;<br>
> char *cert_DN = NULL;<br>
><br>
> printf("ok = %d\n", ok);<br>
> cert = X509_STORE_CTX_get_current_<wbr>cert(ctx);<br>
> cert_DN = X509_NAME_oneline( X509_get_subject_name( cert ), NULL, 0 );<br>
> printf( "cert DN: %s\n", cert_DN);<br>
><br>
> }<br>
<br>
</span>You've left out the final "return ok;", and there's a new memory<br>
leak. Closer would be:<br>
<span class="gmail-"><br>
static int verify_callback(int ok, X509_STORE_CTX *ctx)<br>
{<br>
X509 *cert = NULL;<br>
char *cert_DN = NULL;<br>
<br>
printf("ok = %d\n", ok);<br>
cert = X509_STORE_CTX_get_current_<wbr>cert(ctx);<br>
cert_DN = X509_NAME_oneline( X509_get_subject_name( cert ), NULL, 0 );<br>
printf( "cert DN: %s\n", cert_DN);<br>
<br>
</span> OPENSSL_free(cert_DN);<br>
return ok;<br>
}<br>
<span class="gmail-HOEnZb"><font color="#888888"><br></font></span></blockquote><div><br></div><div>With that code I've got this:</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">ok = 0<br>cert DN: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd<br>Handshake Error 1<br></blockquote><div><br></div><div>I can't really understand why this is happen since I'm creating the certificates with the right way (at least I guess I'm doing this in the right way).</div><div><br></div><div>Thanks for your help.</div><div>Kind regards. </div></div></div></div>