Re: SSL alert number 48

Hi JJK,

I tested your function and I got this result:
ok = 0
cert DN: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
ok = 1
cert DN: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd

Why do I see this 2 times?
When I created the certificates I didn't fill in any special information, I just pressed Enter at every question that was asked. Do you think this could cause this issue?

Kind regards.


On Wed, Nov 29, 2017 at 8:56 AM, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
Hi,

On 28/11/17 11:03, wizard2010@xxxxxxxxx wrote:
Hi there.

I guess my problem is really related to the verify callback of the SSL_CTX_set_verify function.
I just added a dummy callback returning 1 to my code and everything works properly.


int verify_callback (int ok, X509_STORE_CTX *ctx);
int verify_callback (int ok, X509_STORE_CTX *ctx)
{
    printf("Verification callback OK!\n");
    return 1;
}
...
SSL_CTX_set_verify(ssl_server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, dtls_verify_callback);
...

The problem is that the error doesn't give much information about what's really going on or what's really missing.
Thanks for your help.

Now you've effectively disabled all security :)

Try adding this to the verify_callback


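static int verify_callback(int ok, X509_STORE_CTX *ctx)
{
    X509           *cert = NULL;
    char           *cert_DN = NULL;

    printf("ok = %d\n", ok);
    /* Certificate currently being checked in the chain */
    cert    = X509_STORE_CTX_get_current_cert(ctx);
    cert_DN = X509_NAME_oneline( X509_get_subject_name( cert ), NULL, 0 );
    printf( "cert DN: %s\n", cert_DN);
    OPENSSL_free(cert_DN);   /* X509_NAME_oneline allocated the string */

    return ok;               /* keep OpenSSL's own verification result */
}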


that way, you will know whether your server is processing the right certificate chain.

HTH,

JJK

