Re: SSL alert number 48

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On 28/11/17 11:03, wizard2010@xxxxxxxxx wrote:
Hi there.

I guess my problem is really related to verify callback on SSL_CTX_set_verify function.
I just add to my code a dummy callback returning 1 and everything works properly.


int verify_callback (int ok, X509_STORE_CTX *ctx);
int verify_callback (int ok, X509_STORE_CTX *ctx)
{
    printf("Verification callback OK!\n");
    return 1;
}
...
SSL_CTX_set_verify(ssl_server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, dtls_verify_callback);
...

The problem is that error don't tell much information about what's really going on or what's really missing.
Thanks for your help.

Now you've effectively disabled all security :)

Try adding this to the verify_callback


static int verify_callback(int ok, X509_STORE_CTX *ctx)
{
    X509           *cert = NULL;
    char           *cert_DN = NULL;

    printf("ok = %d\n", ok);
    cert    = X509_STORE_CTX_get_current_cert(ctx);
    cert_DN = X509_NAME_oneline( X509_get_subject_name( cert ), NULL, 0 );
    printf( "cert DN: %s\n", cert_DN);

}   


that way, you will know whether your server is processing the right certificate chain.

HTH,

JJK

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux