Re: wwwssl problems from Lutz Jaenicke on 2001-07-27 (www-lib@w3.org from July to September 2001)

From: Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
Date: Fri, 27 Jul 2001 12:06:15 +0200
To: www-lib@w3.org
Message-ID: <20010727120615.A5567@serv01.aet.tu-cottbus.de>

On Thu, Jul 26, 2001 at 05:14:16PM -0400, Fred Covely wrote:
> I am trying to use client side certificates in a libwww app and am
> having a similar problem.  I am running on windows 2000 and
> can see the certificates I need in the user|advanced|digital certificates
> dialog off of the control panel.  However, I cannot locate the
> windows directory where the certificates are actually stored.
> Presumabley its in some private win-only data store.  So my
> question is what is the easiest way to use certificates in
> libwww on a windows client?
> 
> FYI I have tried several incarnations of:
> 	SSL_CTX_set_default_verify_paths(app_ctx);
> 	rc = SSL_CTX_load_verify_locations(app_ctx,NULL,"d:\\"); // where I am
> putting my exported .cer files
> 	rc = SSL_CTX_load_verify_locations(app_ctx,"d:\\verisignclass3.cer",NULL);
> // as an example of a attempt to directly load a .cer file

Documentation about the function is available at
http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html

> Finally here are the error messages my log shows:
> 
> 13:57:11      depth = 1 /O=VeriSign Trust Network/OU=VeriSign,
> Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS
> Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
> 13:57:11      verify error: num=20:unable to get local issuer certificate
> 13:57:11      verify return: 1
Here obiously the CA certificate could not be found.

> 13:57:11      depth = 1 /O=VeriSign Trust Network/OU=VeriSign,
> Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS
> Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
> 13:57:11      verify error: num=27:certificate not trusted
> 13:57:11      verify return: 1
Consequence of the error above.

Use the "openssl verify" tool to check out the certificates. Once you
succeed with "openssl verify", it should also work from within the
program.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153

Received on Friday, 27 July 2001 06:06:20 UTC