我正在使用此代码:
void check_cert(SSL* ssl)
{
//ssl initiation
SSL_library_init();
SSL_load_error_strings();
const SSL_METHOD *meth;
meth = SSLv3_method();
SSL_CTX *ctx;
SSL *_ssl;
ctx = SSL_CTX_new(meth);
int result = 0;
//getting the CA certificate
result = SSL_CTX_load_verify_locations(ctx1, "cacert.pem", NULL);
//result = SSL_CTX_load_verify_locations(ctx, NULL, "/home/cdac/Desktop/test/cert");
printf("\nCA load result = %d", result);
//_ssl = SSL_new(ctx);
SSL_CTX_set_verify(ctx1, SSL_VERIFY_PEER, NULL);
SSL_CTX_set_verify_depth(ctx1, 1);
int result_long = SSL_get_verify_result(ssl);
printf("\nCertificate Check Result: %d", result_long);
if (SSL_get_verify_result(ssl) != X509_V_OK)
{
printf("\nCertiticate Verification Failed\n");
//exit(1);
}
else
{
printf("\nCertiticate Verification Succeeded");
}
}
cacert.pem是CA证书。 当我执行此操作时,我得到了这个:
CA load result = 1
Certificate Check Result: 20
Certiticate Verification Failed
代码20表示:
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate
the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found.
那么有人可以帮助我吗?哪里失败了?
CA证书正在加载正常。 (加载结果返回1)。
答案 0 :(得分:1)
如果您从对等方获得根CA并且未在您身边加载根CA,则会发生这种情况。