<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi,<br>
<br>
On 28/11/17 11:03, <a class="moz-txt-link-abbreviated" href="mailto:wizard2010@gmail.com">wizard2010@gmail.com</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAEAeT_ijLEdUWnyFrANbD9swHZt=ctaA06DoBFrxmnJ5+qyQew@mail.gmail.com">
<div dir="ltr">Hi there.
<div><br>
</div>
<div>I guess my problem is really related to <span
style="font-size:12.8px">verify callback
on SSL_CTX_set_verify function.</span></div>
<div><span style="font-size:12.8px">I just add to my code a
dummy callback returning 1 and everything works properly.</span><span
style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px
solid rgb(204,204,204);padding-left:1ex" class="gmail_quote"><span
style="font-size:12.8px"><br>
</span><span style="font-size:12.8px">int verify_callback
(int ok, X509_STORE_CTX *ctx);</span><br>
<span style="font-size:12.8px">int verify_callback (int ok,
X509_STORE_CTX *ctx)<br>
</span><span style="font-size:12.8px">{<br>
</span><span style="font-size:12.8px">
printf("Verification callback OK!\n");<br>
</span><span style="font-size:12.8px"> return 1;<br>
</span><span style="font-size:12.8px">}</span><span
style="font-size:12.8px"><br>
</span>...<br>
<span style="font-size:12.8px">SSL_CTX_set_verify(ssl_server_ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
dtls_verify_callback);<br>
</span>...</blockquote>
</div>
<div style="font-size:12.8px"><br>
</div>
<div>The problem is that error don't tell much information about
what's really going on or what's really missing.</div>
<div>Thanks for your help.</div>
<div><br>
</div>
</div>
</blockquote>
Now you've effectively disabled all security :)<br>
<br>
Try adding this to the verify_callback<br>
<br>
<br>
static int verify_callback(int ok, X509_STORE_CTX *ctx)<br>
{<br>
X509 *cert = NULL;<br>
char *cert_DN = NULL;<br>
<br>
printf("ok = %d\n", ok);<br>
cert = X509_STORE_CTX_get_current_cert(ctx);<br>
cert_DN = X509_NAME_oneline( X509_get_subject_name( cert ),
NULL, 0 ); <br>
printf( "cert DN: %s\n", cert_DN);<br>
<br>
} <br>
<br>
<br>
that way, you will know whether your server is processing the right
certificate chain.<br>
<br>
HTH,<br>
<br>
JJK<br>
<br>
</body>
</html>