[openssl-users] SSL alert number 48

Jan Just Keijser janjust at nikhef.nl
Tue Nov 28 09:11:08 UTC 2017


On 27/11/17 17:07, wizard2010 at gmail.com wrote:
> Hi there.
> I'm getting this error on a TLS server&client that I'm implementing and I can't really understand what I'm doing wrong.
>     139853560931992:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1487:SSL alert number 48
>     139853560931992:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
> This is the code of my server: https://pastebin.com/Fyuki8v0 and I generate the certificates this way: 
> https://pastebin.com/CDRKU2Gc
> And I'm testing the server this way: openssl s_client -host -port 4444 -cert client.crt -key client.key -CAfile ca.crt
> If I run a server this way openssl s_server -key server.key -cert server.crt -CAfile ca.crt -accept 4444
> I'm able to communicate with the same certificates and on my server code I always get:
>     Handshake Error 1
>     SSL_ERROR_SSL...
> This is the result of openssl s_client command: https://pastebin.com/AWid1mxi

FWIW: I've downloaded and compiled your code, generated certs using your script (which generates a client and server cert with the same serial number, BTW) and ran the code: I can connect just fine using either openssl 1.0.1e or 1.1.0e.

My bet is that when you run your code you are not loading the right ca.crt file; another way to debug is to add an x509 verify callback which prints out each cert as it is passed for verification.
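
The two points in the reply above (whether the right ca.crt is being loaded, and the client and server certificates sharing a serial number) can also be checked from the command line without changing the server code. This is an added example, not part of the original message; it uses `openssl verify` and `openssl x509` rather than a verify callback, and the names rootA, rootB, server and client and the throwaway certificates it builds are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). The PKI built by demo() is constructed
# test data; the names rootA, rootB, server, client are placeholders.

# Print what a verify callback would show for one cert: subject, issuer, serial.
show_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -serial
}

# Succeed only if certificate $2 chains to the CA file $1.
# A cert that does not chain to this file is what a peer reports as "unknown ca".
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print every issuer+serial pair that appears on more than one certificate.
dup_serials() {
    for c in "$@"; do
        openssl x509 -in "$c" -noout -issuer -serial | tr '\n' ' '; echo
    done | sort | uniq -d
}

# Helpers that build throwaway keys and certificates in directory $1.
make_ca() {    # make_ca DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}
make_leaf() {  # make_leaf DIR CA_NAME LEAF_NAME SERIAL
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -set_serial "$4" -days 1 -out "$1/$3.crt" 2>/dev/null
}

# Reproduce both findings on constructed data and print the result of each check.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" rootA && make_ca "$d" rootB || return 1
    make_leaf "$d" rootA server 1 && make_leaf "$d" rootA client 1 || return 1
    show_cert "$d/server.crt"
    chains_to "$d/rootA.crt" "$d/server.crt" && echo "rootA: verify OK"
    chains_to "$d/rootB.crt" "$d/server.crt" || echo "rootB: verify FAILED (wrong CA file)"
    echo "duplicates: $(dup_serials "$d/server.crt" "$d/client.crt")"
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Against real files, run `chains_to` with the exact CA path the server and client load, and `dup_serials` over every certificate the CA has issued.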


