【发布时间】:2012-05-26 00:18:10
【问题描述】:
我正在使用此代码:
void check_cert(SSL* ssl)
{
//ssl initiation
SSL_library_init();
SSL_load_error_strings();
const SSL_METHOD *meth;
meth = SSLv3_method();
SSL_CTX *ctx;
SSL *_ssl;
ctx = SSL_CTX_new(meth);
int result = 0;
//getting the CA certificate
result = SSL_CTX_load_verify_locations(ctx1, "cacert.pem", NULL);
//result = SSL_CTX_load_verify_locations(ctx, NULL, "/home/cdac/Desktop/test/cert");
printf("\nCA load result = %d", result);
//_ssl = SSL_new(ctx);
SSL_CTX_set_verify(ctx1, SSL_VERIFY_PEER, NULL);
SSL_CTX_set_verify_depth(ctx1, 1);
int result_long = SSL_get_verify_result(ssl);
printf("\nCertificate Check Result: %d", result_long);
if (SSL_get_verify_result(ssl) != X509_V_OK)
{
printf("\nCertiticate Verification Failed\n");
//exit(1);
}
else
{
printf("\nCertiticate Verification Succeeded");
}
}
cacert.pem 是 CA 证书。 当我执行这个我得到这个:
CA load result = 1
Certificate Check Result: 20
Certiticate Verification Failed
代码 20 表示:
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate
the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found.
那么谁能帮助我?这在哪里失败了?
CA 证书加载正常。 (加载结果返回1)。
【问题讨论】:
-
这是自签名证书吗?
标签: c++ c openssl ssl-certificate