W3C home > Mailing lists > Public > www-lib@w3.org > January to March 2001

Fwd: problem with wwwssl

From: Michele Ventimiglia <ventimi1972@yahoo.it>
Date: Thu, 15 Mar 2001 11:51:48 -0500 (EST)
Message-ID: <20010315165136.12271.qmail@web4702.mail.yahoo.com>
To: www-lib@w3.org
Cc: Lauri.Adamson@andmevara.ee, olga@eai.com

Hi,

I've modified the HTTSSL.c program;
I've added SSL_CTX_load_verify_locations and
recompiled the libwwwssl library....

I've put the CA certificate in the directory specified
with the specified name but the result is the same....

HTSSL New... Created new SSL Object f0d00
HTSSL....... Setting up f0d00 on socket 11
HTSSL....... New reference count = 1
SSL_connect: before/connect initialization
SSL_connect: SSLv2/v3 write client hello A
SSL_connect: SSLv3 read server hello A
depth = 0
/C=IT/ST=bergamo/L=Bergamo/O=BPB/OU=r&s/CN=web1t
verify error: num=20:unable to get local issuer
certificate
verify return: 1
depth = 0
/C=IT/ST=bergamo/L=Bergamo/O=BPB/OU=r&s/CN=web1t
verify error: num=27:certificate not trusted
verify return: 1
depth = 0
/C=IT/ST=bergamo/L=Bergamo/O=BPB/OU=r&s/CN=web1t
verify error: num=21:unable to verify the first
certificate
verify return: 1
SSL_connect: SSLv3 read server certificate A
SSL_connect: SSLv3 read server done A
SSL_connect: error in SSLv3 write client key exchange
A
SSL_connect: error in SSLv3 write client key exchange
A


can anyone help me ???

thanks
Michele

> 
> Hi,
> 
> You should make CA cert of the CA that signed a
> server
> certificate available
> in your program.
> Like CA certs of the well known CAs like verisign
> and
> Thawte are.
> 
> The CA certs are added to ssl client context with a
> function like:
> SSL_CTX_load_verify_locations(_clientCtx, NULL,
> certDirs);
> Add the right CA cert to certDirs directory.
> 
> Olga.
> 
> >
> > Hello!
> >
> > I've some problems with wwwssl application and
> https
> > protocol :
> >
> > when I run the program the following message
> appear
> :
> >
> > HTSSL....... New reference count = 1
> > Maybe I must create a CA certificate.....
> > or simply use the one I've got from CA...
> >
> > Thanks
> > Michele Ventimiglia
> 
> 
>
______________________________________________________________________
> Do You Yahoo!?
> Il tuo indirizzo gratis e per sempre @yahoo.it su
http://mail.yahoo.it


______________________________________________________________________
Do You Yahoo!?
Il tuo indirizzo gratis e per sempre @yahoo.it su http://mail.yahoo.it
Received on Thursday, 15 March 2001 12:01:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 23 April 2007 18:18:38 GMT