Why does SSL_CTX_set_verify fail here?
On the other hand, setting SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); on the client side can verify the server certificate.
I saw someone online say that a level-2 certificate has to be installed first, so I changed the code to verify the certificate chain instead (I don't know whether I understood this so-called secondary certificate installation correctly). The result: the server still receives the client certificate, but the client cannot get the certificate from the server, and yet in this situation the handshake still completes. A mystery, I'm losing it,,,
I hope some expert can give me some ideas and solve this TAT
Part of the code:
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <iostream>
#include <string>
#include <cstdlib>

OpenSSL_add_all_algorithms();
SSL_library_init();
SSL_load_error_strings();
ERR_load_BIO_strings();
const SSL_METHOD *meth;
SSL_CTX *ssl_ctx;
//the client part of the code
{
    meth = SSLv23_client_method();
    ssl_ctx = SSL_CTX_new(meth);
    //verification
    SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
    int rc1 = SSL_CTX_load_verify_locations(ssl_ctx, "\\demoCA\\private\\server_chain.pem", "\\demoCA\\private\\");
    SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)"TSINGHUA");
    std::string cert_chain(".\\demoCA\\private\\client_chain.pem");
    std::string cert(".\\demoCA\\private\\client_crt.pem");
    std::string key(".\\demoCA\\private\\client_key.pem");
    int code = SSL_CTX_use_certificate_chain_file(ssl_ctx, cert_chain.c_str());
    if (code != 1) {
        std::cout << "Error1\n";
        //throw TLSException("failed to read credentials.");
    }
    code = SSL_CTX_use_PrivateKey_file(ssl_ctx, key.c_str(), SSL_FILETYPE_PEM);
    if (code != 1) {
        std::cout << "Error2\n";
        //throw TLSException("failed to read credentials.");
    }
    if (!SSL_CTX_check_private_key(ssl_ctx)) {
        std::cout << "The key wrong";
        system("pause");
        exit(0);
    }
}
//the server part of the code
{
    meth = SSLv23_server_method();
    ssl_ctx = SSL_CTX_new(meth);
    //validate each other
    //note: SSL_VERIFY_FAIL_IF_NO_PEER_CERT only takes effect when combined with SSL_VERIFY_PEER
    SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
    SSL_CTX_set_client_CA_list(ssl_ctx, SSL_load_client_CA_file(".\\demoCA\\private\\client_chain.pem"));
    SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)"TSINGHUA");
    std::string cert_chain(".\\demoCA\\private\\server_chain.pem");
    std::string cert(".\\demoCA\\private\\server_crt.pem");
    std::string key(".\\demoCA\\private\\server_key.pem");
    int rc = SSL_CTX_use_certificate_file(ssl_ctx, cert.c_str(), SSL_FILETYPE_PEM);
    if (rc != 1) {
        //throw TLSException("failed to read credentials.");
        std::cout << "Error1\n";
    }
    rc = SSL_CTX_use_PrivateKey_file(ssl_ctx, key.c_str(), SSL_FILETYPE_PEM);
    if (rc != 1) {
        //throw TLSException("failed to read credentials.");
        std::cout << "Error2\n";
    }
    int rcode = SSL_CTX_check_private_key(ssl_ctx);
    if (rcode != 1) {
        std::cout << "The key wrong";
        system("pause");
        //exit(0);
    }
}
CodePudding user response:
Brother, I have the same problem. Excuse me, can you find a solution to it TAT? If you find one, please tell me; this problem is now driving me completely crazy!!!!!!!!!!!!!!!!!!!
CodePudding user response:
SSL_VERIFY_NONE means no verification. SSL_VERIFY_PEER: the server requires the client to provide a certificate; when used on the server, the server sends a certificate request message asking the client to provide its certificate, but the client may still provide none.
SSL_VERIFY_FAIL_IF_NO_PEER_CERT applies only to the server and means the certificate must be provided; it must be used together with SSL_VERIFY_PEER.
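Added example, not from the original thread or the asker's program: a shell script that shows the difference the reply above describes by starting openssl s_server with -verify (SSL_VERIFY_PEER alone: request a client certificate but tolerate its absence) and with -Verify (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT: require one), and connecting a client that presents no certificate. It assumes an openssl binary, a free localhost TCP port, and a throwaway self-signed server certificate that the script generates itself.

```shell
#!/bin/sh
# Constructed demonstration (not the asker's code). In openssl s_server,
# "-verify N" sets SSL_VERIFY_PEER (plus SSL_VERIFY_CLIENT_ONCE) and
# "-Verify N" sets SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT.
# Assumes: an `openssl` binary and a free TCP port on 127.0.0.1.
set -u
WORK=$(mktemp -d)
PORT=${PORT:-44330}
trap 'rm -rf "$WORK"' EXIT

# Self-signed server certificate, generated only for this demonstration.
make_server_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=localhost \
        -keyout "$WORK/server.key" -out "$WORK/server.pem" >/dev/null 2>&1
}

# One handshake from a client that presents NO certificate, against a server
# started with the given verify switch. TLS 1.2 is pinned because there the
# server checks the client certificate before the client's SSL_connect returns,
# so a refusal surfaces as a failed handshake instead of a later alert.
# Returns 0 if the handshake completed, 1 if the server aborted it.
handshake_without_client_cert() {
    switch=$1   # "-verify" or "-Verify"
    openssl s_server -accept "$PORT" -cert "$WORK/server.pem" -key "$WORK/server.key" \
        "$switch" 1 -quiet >/dev/null 2>&1 &
    srv=$!
    sleep 1     # give the listener time to come up
    if openssl s_client -connect "127.0.0.1:$PORT" -tls1_2 </dev/null >/dev/null 2>&1; then
        rc=0
    else
        rc=1
    fi
    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    if [ "$rc" -eq 0 ]; then
        echo "$switch: handshake completed although the client sent no certificate"
    else
        echo "$switch: handshake rejected, a client certificate is required"
    fi
    return "$rc"
}

make_server_cert
for switch in -verify -Verify; do
    handshake_without_client_cert "$switch" || :   # status is informational here
done
```

The same lines in a server program read SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL) versus SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); the FAIL_IF_NO_PEER_CERT bit on its own never causes a certificate request to be sent.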
CodePudding user response:
This foreign article may be helpful: http://etutorials.org/Programming/secure+programming/Chapter+10.+Public+Key+Infrastructure/10.7+Verifying+an+SSL+Peer+s+Certificate/