Re: SSL alert number 48

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

On 27/11/17 17:07, wizard2010@xxxxxxxxx wrote:
Hi there.

I'm getting this error on a TLS server&client that I'm implementing and I can't really understand what I'm doing wrong.

139853560931992:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1487:SSL alert number 48
139853560931992:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:

This is the code of my server: https://pastebin.com/Fyuki8v0 and I generate the certificates this way: https://pastebin.com/CDRKU2Gc
And I'm testing the server this way: openssl s_client -host 127.0.0.1 -port 4444 -cert client.crt -key client.key -CAfile ca.crt

If I run a server this way openssl s_server -key server.key -cert server.crt -CAfile ca.crt -accept 4444
I'm able to communicate with the same certificates and on my server code I always get:
Handshake Error 1
SSL_ERROR_SSL...
 
This is the result of openssl s_client command: https://pastebin.com/AWid1mxi

FWIW: I've downloaded and compiled your code, generated certs using your script (which generates a client and server cert with the same serial number, BTW) and ran the code: I can connect just fine using either openssl 1.0.1e or 1.1.0e

My bet is that when you run your code you are not loading the right ca.crt file ; another way to debug is , is to add a x509 verify callback which prints out each cert as it is passed for verification.

HTH,

JJK

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux