Re: SSL_get_peer_certificate() failing - Openssl


Thread: Re: SSL_get_peer_certificate() failing

  1. Re: SSL_get_peer_certificate() failing

    I know that s isn't null because I check its value before I call SSL_get_peer_certificate(). I've also verified that s->session is in fact NULL before the call to SSL_get_peer_certificate().

    I can still send data across the link - I've tested using BIO_read() and BIO_write() to see if the machines can communicate and I was able to successfully write/read messages.

    One thing I did notice, and thanks for pointing this out, is that my SSL_set_verify callback function is never getting called, which is strange.

    I'm using OpenSSL 0.9.8f running on AIX.

    Thanks,
    John M.


  2. Re: SSL_get_peer_certificate() failing

    From the mail thread I take it that your problem is visible at the
    client side of the connection, so a server certificate should always
    be sent as long as you are not using an anonymous cipher (which
    needs to be enabled specifically).
    Are you using SSL_connect() to explicitly connect to the server? Did
    you check the return value of SSL_connect() to be 1 for success? There
    must be a session established between the client and the server, as the
    session object contains the premaster secret from which the secret
    keys for the communication are derived. Therefore the s->session object
    cannot be 0 for an established connection.
    You should also consider using ssldump to analyze your connection
    attempt on the wire. It also seems that Wireshark is now quite powerful
    in analyzing SSL protocol communication.

    Best regards,
    Lutz


    M wrote:
    > I know that s isn't null because I check its value before I call
    > SSL_get_peer_certificate(). I've also verified that s->session is
    > in fact NULL before the call to SSL_get_peer_certificate().
    >
    > I can still send data across the link - I've tested using BIO_read()
    > and BIO_write() to see if the machines can communicate and I was able
    > to successfully write/read messages.
    >
    > One thing I did notice, and thanks for pointing this out, is that my
    > SSL_set_verify callback function is never getting called, which is
    > strange.
    >
    > I'm using OpenSSL 0.9.8f running on AIX.
    >
    > Thanks,
    > John M.
    >


    ______________________________________________________________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org

