<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Hi,<br>
      <br>
      On 28/11/17 11:03, <a class="moz-txt-link-abbreviated" href="mailto:wizard2010@gmail.com">wizard2010@gmail.com</a> wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAEAeT_ijLEdUWnyFrANbD9swHZt=ctaA06DoBFrxmnJ5+qyQew@mail.gmail.com">
      <div dir="ltr">Hi there.
        <div><br>
        </div>
        <div>I guess my problem is really related to <span
            style="font-size:12.8px">verify callback
            on SSL_CTX_set_verify function.</span></div>
        <div><span style="font-size:12.8px">I just add to my code a
            dummy callback returning 1 and everything works properly.</span><span
            style="font-size:12.8px"><br>
          </span></div>
        <div><span style="font-size:12.8px"><br>
          </span></div>
        <div>
          <blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px
            solid rgb(204,204,204);padding-left:1ex" class="gmail_quote"><span
              style="font-size:12.8px"><br>
            </span><span style="font-size:12.8px">int verify_callback
              (int ok, X509_STORE_CTX *ctx);</span><br>
            <span style="font-size:12.8px">int verify_callback (int ok,
              X509_STORE_CTX *ctx)<br>
            </span><span style="font-size:12.8px">{<br>
            </span><span style="font-size:12.8px">   
              printf("Verification callback OK!\n");<br>
            </span><span style="font-size:12.8px">    return 1;<br>
            </span><span style="font-size:12.8px">}</span><span
              style="font-size:12.8px"><br>
            </span>...<br>
            <span style="font-size:12.8px">SSL_CTX_set_verify(ssl_server_ctx,
              SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
              dtls_verify_callback);<br>
            </span>...</blockquote>
        </div>
        <div style="font-size:12.8px"><br>
        </div>
        <div>The problem is that error don't tell much information about
          what's really going on or what's really missing.</div>
        <div>Thanks for your help.</div>
        <div><br>
        </div>
      </div>
    </blockquote>
    Now you've effectively disabled all security :)<br>
    <br>
    Try adding this to the verify_callback<br>
    <br>
    <br>
    static int verify_callback(int ok, X509_STORE_CTX *ctx)<br>
    {<br>
        X509           *cert = NULL;<br>
        char           *cert_DN = NULL;<br>
    <br>
        printf("ok = %d\n", ok);<br>
        cert    = X509_STORE_CTX_get_current_cert(ctx);<br>
        cert_DN = X509_NAME_oneline( X509_get_subject_name( cert ),
    NULL, 0 ); <br>
        printf( "cert DN: %s\n", cert_DN);<br>
    <br>
    }    <br>
    <br>
    <br>
    that way, you will know whether your server is processing the right
    certificate chain.<br>
    <br>
    HTH,<br>
    <br>
    JJK<br>
    <br>
  </body>
</html>