2012-05-18 78 views
2

SSL certificate verification failed: using OpenSSL

I am using this code:

#include <stdio.h>
#include <openssl/ssl.h>

void check_cert(SSL* ssl)
{
    // SSL initiation
    SSL_library_init();
    SSL_load_error_strings();
    const SSL_METHOD *meth;
    meth = SSLv3_method();
    SSL_CTX *ctx;
    SSL *_ssl;
    ctx = SSL_CTX_new(meth);
    int result = 0;

    // getting the CA certificate
    // (ctx1 is not declared in this snippet; it is not the ctx created above)
    result = SSL_CTX_load_verify_locations(ctx1, "cacert.pem", NULL);
    //result = SSL_CTX_load_verify_locations(ctx, NULL, "/home/cdac/Desktop/test/cert");
    printf("\nCA load result = %d", result);

    //_ssl = SSL_new(ctx);
    SSL_CTX_set_verify(ctx1, SSL_VERIFY_PEER, NULL);

    SSL_CTX_set_verify_depth(ctx1, 1);
    // SSL_get_verify_result() returns a long
    long result_long = SSL_get_verify_result(ssl);
    printf("\nCertificate Check Result: %ld", result_long);
    if (SSL_get_verify_result(ssl) != X509_V_OK)
    {
        printf("\nCertiticate Verification Failed\n");
        //exit(1);
    }
    else
    {
        printf("\nCertiticate Verification Succeeded");
    }
}

cacert.pem is the CA certificate. When I run this, I get:

CA load result = 1 
Certificate Check Result: 20 
Certiticate Verification Failed 

Code 20 means:

X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate 

the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found. 

So, can anyone help me? Where is this failing?

The CA certificate loads fine (the load result returns 1).

+0

Is this a self-signed certificate? – Lazylabs

Answers

1

This can happen if you get the root CA from the peer and the root CA is not loaded on your side.
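The situation the answer describes can be reproduced offline with the openssl command-line tool. This is an added example, not part of the original question or answer: it builds two throwaway CAs and one leaf certificate, then verifies the leaf against a trust file that does and does not contain its issuer. All file names and CN values are constructed for the demo.

```shell
#!/bin/sh
# Added example: reproduce verify error 20 with throwaway certificates.
# File names and CN values are constructed; requires the openssl CLI.

# make_pki DIR: create two unrelated CAs and a leaf signed by the first one.
make_pki() {
    dir=$1
    for ca in ca other-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed $ca" \
            -keyout "$dir/$ca.key" -out "$dir/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/leaf.pem" 2>/dev/null
}

# verify_code TRUSTFILE CERT: print the X509_V_* number (0 = X509_V_OK),
# or "unknown" if the output cannot be parsed (never defaults to success).
verify_code() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    code=$(printf '%s\n' "$out" |
        sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    if [ -n "$code" ]; then
        echo "$code"
    elif printf '%s\n' "$out" | grep -q ': OK$'; then
        echo 0
    else
        echo unknown
    fi
}

# demo: run both cases in a scratch directory and print the codes.
demo() {
    dir=$(mktemp -d) || return 1
    make_pki "$dir" || return 1
    echo "issuer in trust file:     $(verify_code "$dir/ca.pem" "$dir/leaf.pem")"
    echo "issuer not in trust file: $(verify_code "$dir/other-ca.pem" "$dir/leaf.pem")"
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run the script with the argument `demo` to print both codes. In the C API, the trust anchors have to be loaded into the `SSL_CTX` that the `SSL` object was created from before the handshake, because `SSL_get_verify_result` only reports what that handshake's verification found.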
