我是 OpenSSL 的新手,我正在阅读有关 OpenSSL 编程以连接到服务器的教程:
www.rtfm.com/openssl-examples/part1.pdf
www.rtfm.com/openssl-examples/part2.pdf
不知何故,设置正确的证书比预期的更棘手...... :(
当我使用 openssl s_client 测试消息时:
openssl s_client -connect 123.456.789.0:666 -CAfile test.crt -debug
我收到错误消息
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA 证书颁发机构验证错误:num=20:无法获得本地颁发者证书验证返回:0
进而:
错误:14094412:SSL 例程:SSL3_READ_BYTES:sslv3 警报错误证书:s3_pkt.c:1257:SSL 警报编号 42 140685406562208:错误:140790E5:SSL 例程:SSL23_WRITE:ssl failure.c:1257:SSL
这是证书链:
Certificate chain
0
s:myself
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA
1
s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA …