Good day. I'm writing my own server using libssl and trying to debug the connection with openssl s_client. A piece of code from the server:
OPENSSL_config(NULL);
SSL_load_error_strings();
SSL_library_init();
SSL_CTX *newContectx = SSL_CTX_new(TLSv1_2_server_method());
if(newContectx == NULL)
    return -1;
// if(SSL_CTX_set_cipher_list(newContectx,"DHE-RSA-AES128-SHA256") != 1)
//     return -1;
SSL_CTX_use_certificate_file(newContectx,"/tmp/ca.crt", SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(newContectx,"/tmp/ca.key", SSL_FILETYPE_PEM);
if(SSL_CTX_check_private_key(newContectx) != 1)
    return -1;
if(SSL_CTX_load_verify_locations(newContectx,"/tmp/ca.crt", NULL) != 1)
    return -1;
SSL_CTX_set_client_CA_list(newContectx,SSL_load_client_CA_file("/tmp/ca.crt"));
SSL_CTX_set_verify(newContectx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
safeSocet = SSL_new(newContectx);
if(SSL_set_fd(safeSocet,socet) != 1)
    ThrowSystemError("can't create safe socket");
if(SSL_get_error(safeSocet, SSL_accept(safeSocet)) != SSL_ERROR_NONE)
    ThrowSystemError("can't create safe socket");

openssl s_client -connect 192.168.0.180:8888 -tls1_2 -CAfile ca.crt -cert client01.crt -key client01.key
I get the following:
CONNECTED(00000003)
depth=0 C = RU, CN = server
verify return:1
3073468092:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1262:SSL alert number 42
3073468092:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
---
Certificate chain
0 s:/C=RU/CN=server
i:/C=RU/CN=server
---
Server certificate
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=/C=RU/O=speechpro/CN=server
issuer=/C=RU/O=speechpro/CN=server
---
Acceptable client certificate CA names
/C=RU/O=speechpro/CN=server
---
SSL handshake has read 873 bytes and written 1562 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-GCM-SHA384
Session-ID:
Session-ID-ctx:
Master-Key: A480F425BD33CC8C9AD751C6767E7639423816225196F0DF5BA7BFEE1FC3C382FF8EBBE054EA65855EA4231971B4BAD8
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1424874860
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
From this I conclude that the client is not sending its certificate. How do I fix this?
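
An added example, not part of the original post: a small C decoder for the packed error codes in the s_client output above, assuming the error-code layout OpenSSL used before 3.0 (8-bit library, 12-bit function, 12-bit reason) and the offset of 1000 that OpenSSL adds to the number of an alert received from the peer. The names `ossl_err`, `alert_name` and `decode_error_line` are made up for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fields of a packed OpenSSL error code; alert is the TLS alert number
   received from the peer, or -1 when the reason is not a received alert. */
struct ossl_err { unsigned lib, func, reason; int alert; };

/* A few alert descriptions from RFC 5246 (not the full registry). */
const char *alert_name(int alert)
{
    switch (alert) {
    case 40: return "handshake_failure";
    case 42: return "bad_certificate";
    case 46: return "certificate_unknown";
    case 48: return "unknown_ca";
    default: return alert < 0 ? "none" : "other";
    }
}

/* Parse "<thread id>:error:<hex code>:..." as printed by s_client.
   Returns 0 on success, -1 if the line is not an error-queue line. */
int decode_error_line(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, ":error:");
    char *end;
    unsigned long code;
    if (p == NULL) return -1;
    p += strlen(":error:");
    code = strtoul(p, &end, 16);
    if (end == p || *end != ':' || code > 0xffffffffUL) return -1;
    out->lib = (unsigned)(code >> 24) & 0xff;    /* 20 (0x14) is the SSL library */
    out->func = (unsigned)(code >> 12) & 0xfff;
    out->reason = (unsigned)code & 0xfff;
    /* SSL reasons 1000..1255 mean "this alert arrived from the peer". */
    out->alert = (out->lib == 20 && out->reason >= 1000 && out->reason <= 1255)
                     ? (int)(out->reason - 1000) : -1;
    return 0;
}

int main(void)
{
    /* First error line from the s_client output in the post. */
    const char *line = "3073468092:error:14094412:SSL routines:SSL3_READ_BYTES:"
                       "sslv3 alert bad certificate:s3_pkt.c:1262:SSL alert number 42";
    struct ossl_err e;
    if (decode_error_line(line, &e) != 0) return 1;
    printf("lib=%u func=%u reason=%u alert=%d (%s)\n",
           e.lib, e.func, e.reason, e.alert, alert_name(e.alert));
    return 0;
}
```

The second error line in the output (`1409E0E5`) decodes to a reason below 1000, so it is a local error on the side that printed it rather than an alert received from the peer.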