Re: problem with wwwssl from Olga Antropova on 2001-03-15 (www-lib@w3.org from April to June 2001)

From: Olga Antropova <olga@eai.com>
Date: Thu, 15 Mar 2001 12:47:18 -0600
To: "Michele Ventimiglia" <ventimi1972@yahoo.it>, <www-lib@w3.org>
Cc: <Lauri.Adamson@andmevara.ee>
Message-ID: <005101c0ad80$5c867a30$3f05010a@eai.com>

Michele,
Try to change the SSL protocol version (from SSLv3).
Olga.

----- Original Message ----- 
From: "Michele Ventimiglia" <ventimi1972@yahoo.it>
To: <www-lib@w3.org>
Cc: <Lauri.Adamson@andmevara.ee>; <olga@eai.com>
Sent: Thursday, March 15, 2001 10:51 AM
Subject: Fwd: problem with wwwssl


> 
> Hi,
> 
> I've modified the HTTSSL.c program;
> I've added SSL_CTX_load_verify_locations and
> recompiled the libwwwssl library....
> 
> I've put the CA certificate in the directory specified
> with the specified name but the result is the same....
> 
> HTSSL New... Created new SSL Object f0d00
> HTSSL....... Setting up f0d00 on socket 11
> HTSSL....... New reference count = 1
> SSL_connect: before/connect initialization
> SSL_connect: SSLv2/v3 write client hello A
> SSL_connect: SSLv3 read server hello A
> depth = 0
> /C=IT/ST=bergamo/L=Bergamo/O=BPB/OU=r&s/CN=web1t
> verify error: num=20:unable to get local issuer
> certificate
> verify return: 1
> depth = 0
> /C=IT/ST=bergamo/L=Bergamo/O=BPB/OU=r&s/CN=web1t
> verify error: num=27:certificate not trusted
> verify return: 1
> depth = 0
> /C=IT/ST=bergamo/L=Bergamo/O=BPB/OU=r&s/CN=web1t
> verify error: num=21:unable to verify the first
> certificate
> verify return: 1
> SSL_connect: SSLv3 read server certificate A
> SSL_connect: SSLv3 read server done A
> SSL_connect: error in SSLv3 write client key exchange
> A
> SSL_connect: error in SSLv3 write client key exchange
> A
> 
> 
> can anyone help me ???
> 
> thanks
> Michele
> 
> > 
> > Hi,
> > 
> > You should make CA cert of the CA that signed a
> > server
> > certificate available
> > in your program.
> > Like CA certs of the well known CAs like verisign
> > and
> > Thawte are.
> > 
> > The CA certs are added to ssl client context with a
> > function like:
> > SSL_CTX_load_verify_locations(_clientCtx, NULL,
> > certDirs);
> > Add the right CA cert to certDirs directory.
> > 
> > Olga.
> > 
> > >
> > > Hello!
> > >
> > > I've some problems with wwwssl application and
> > https
> > > protocol :
> > >
> > > when I run the program the following message
> > appear
> > :
> > >
> > > HTSSL....... New reference count = 1
> > > Maybe I must create a CA certificate.....
> > > or simply use the one I've got from CA...
> > >
> > > Thanks
> > > Michele Ventimiglia
> > 
> > 
> >
> ______________________________________________________________________
> > Do You Yahoo!?
> > Il tuo indirizzo gratis e per sempre @yahoo.it su
> http://mail.yahoo.it
> 
> 
> ______________________________________________________________________
> Do You Yahoo!?
> Il tuo indirizzo gratis e per sempre @yahoo.it su http://mail.yahoo.it
>

Received on Tuesday, 24 April 2001 18:06:27 UTC