[openssl-users] SSL alert number 48
wizard2010 at gmail.com
wizard2010 at gmail.com
Wed Nov 29 13:58:59 UTC 2017
On Wed, Nov 29, 2017 at 1:54 PM, Viktor Dukhovni <openssl-users at dukhovni.org
> wrote:
> On Wed, Nov 29, 2017 at 09:56:35AM +0100, Jan Just Keijser wrote:
>
> > Try adding this to the verify_callback
> >
> >
> > static int verify_callback(int ok, X509_STORE_CTX *ctx)
> > {
> > X509 *cert = NULL;
> > char *cert_DN = NULL;
> >
> > printf("ok = %d\n", ok);
> > cert = X509_STORE_CTX_get_current_cert(ctx);
> > cert_DN = X509_NAME_oneline( X509_get_subject_name( cert ), NULL, 0
> );
> > printf( "cert DN: %s\n", cert_DN);
> >
> > }
>
> You've left out the final "return ok;", and there's a new memory
> leak. Closer would be:
>
> static int verify_callback(int ok, X509_STORE_CTX *ctx)
> {
> X509 *cert = NULL;
> char *cert_DN = NULL;
>
> printf("ok = %d\n", ok);
> cert = X509_STORE_CTX_get_current_cert(ctx);
> cert_DN = X509_NAME_oneline( X509_get_subject_name( cert ), NULL,
> 0 );
> printf( "cert DN: %s\n", cert_DN);
>
> OPENSSL_free(cert_DN);
> return ok;
> }
>
>
With that code I've got this:
> ok = 0
> cert DN: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
> Handshake Error 1
>
I can't really understand why this is happen since I'm creating the
certificates with the right way (at least I guess I'm doing this in the
right way).
Thanks for your help.
Kind regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171129/0ad51d6f/attachment-0001.html>
More information about the openssl-users
mailing list