<div dir="ltr">Hi JJK,<div><br></div><div>I test you function and I've got this result:</div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">ok = 0<br>cert DN: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd<br>ok = 1<br>cert DN: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd</blockquote></div><div><br></div><div>Why I see this 2 time?</div><div>When I create the certificates I didn't fill with any special information, just type enter in every question that is made. Did you think this could cause this issue?</div><div><br></div><div>Kind regards.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 29, 2017 at 8:56 AM, Jan Just Keijser <span dir="ltr"><<a href="mailto:janjust@nikhef.nl" target="_blank">janjust@nikhef.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_-2945823362963703202moz-cite-prefix">Hi,<span class=""><br>
<br>
On 28/11/17 11:03, <a class="m_-2945823362963703202moz-txt-link-abbreviated" href="mailto:wizard2010@gmail.com" target="_blank">wizard2010@gmail.com</a> wrote:<br>
</span></div>
<blockquote type="cite">
<div dir="ltr">Hi there.
<div><br>
</div><span class="">
<div>I guess my problem is really related to <span style="font-size:12.8px">verify callback
on SSL_CTX_set_verify function.</span></div>
<div><span style="font-size:12.8px">I just add to my code a
dummy callback returning 1 and everything works properly.</span><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote"><span style="font-size:12.8px"><br>
</span><span style="font-size:12.8px">int verify_callback
(int ok, X509_STORE_CTX *ctx);</span><br>
<span style="font-size:12.8px">int verify_callback (int ok,
X509_STORE_CTX *ctx)<br>
</span><span style="font-size:12.8px">{<br>
</span><span style="font-size:12.8px">
printf("Verification callback OK!\n");<br>
</span><span style="font-size:12.8px"> return 1;<br>
</span><span style="font-size:12.8px">}</span><span style="font-size:12.8px"><br>
</span>...<br>
<span style="font-size:12.8px">SSL_CTX_set_verify(ssl_server_<wbr>ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_<wbr>CERT,
dtls_verify_callback);<br>
</span>...</blockquote>
</div>
<div style="font-size:12.8px"><br>
</div>
<div>The problem is that error don't tell much information about
what's really going on or what's really missing.</div>
<div>Thanks for your help.</div>
<div><br>
</div>
</span></div>
</blockquote>
Now you've effectively disabled all security :)<br>
<br>
Try adding this to the verify_callback<br>
<br>
<br>
static int verify_callback(int ok, X509_STORE_CTX *ctx)<br>
{<br>
X509 *cert = NULL;<br>
char *cert_DN = NULL;<br>
<br>
printf("ok = %d\n", ok);<br>
cert = X509_STORE_CTX_get_current_<wbr>cert(ctx);<br>
cert_DN = X509_NAME_oneline( X509_get_subject_name( cert ),
NULL, 0 ); <br>
printf( "cert DN: %s\n", cert_DN);<br>
<br>
} <br>
<br>
<br>
that way, you will know whether your server is processing the right
certificate chain.<br>
<br>
HTH,<br>
<br>
JJK<br>
<br>
</div>
</blockquote></div><br></div>