You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What am I trying to achieve: ----->
A mutual certificate authentication between server and client, for which I need to use the VERIFY_PEER. But I am not sure if my code is correct or if I am missing something
Issue: ---->
I encounter "SSL errors: SSL routines:tls_process_server_certificate:certificate verify failed" error when I try to connect to the server.
Am I missing any steps or doing something wrong ?
Any help is appreciated!!
The text was updated successfully, but these errors were encountered:
Client Code: --->
ctx, err := openssl.NewCtxFromFiles("./client_cert/public/client.crt", "./client_cert/private/client.key")
if err != nil {
log.Fatal(err)
}
err = ctx.LoadVerifyLocations("", "./public/server_cert")
if err != nil {
log.Fatal(err)
}
ctx.SetVerify(openssl.VerifyPeer, nil)
fmt.Println("here1:")
conn, err := openssl.Dial("tcp", "localhost:8443", ctx, 0)
fmt.Println("here2:")
if err != nil {
fmt.Println(err.Error())
return
}
Server Code: ----->
ctx, err := openssl.NewCtxFromFiles("./server_cert/public/server.crt", "./server_cert/private/server.key")
if err != nil {
log.Fatal(err)
}
err = ctx.LoadVerifyLocations("", "./public/client_cert")
if err != nil {
log.Fatal(err)
}
ctx.SetVerify(openssl.VerifyPeer, nil)
l, err := openssl.Listen("tcp", "localhost:8443", ctx)
if err != nil {
fmt.Println("Error listening:", err.Error())
os.Exit(1)
}
// Close the listener when the application closes.
defer l.Close()
for {
// Listen for an incoming connection.
conn, err := l.Accept()
if err != nil {
fmt.Println("Error accepting: ", err.Error())
os.Exit(1)
}
// Handle connections in a new goroutine.
go handleRequest(conn)
}
}
Server Certificate: ---------->
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c0:8a:38:0c:37:1b:1b:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=*
Validity
Not Before: Apr 8 18:37:59 2019 GMT
Not After : Apr 5 18:37:59 2029 GMT
Subject: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=*
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a9:a1:10:a7:13:45:3d:67:52:8f:af:32:29:a9:
9f:d8:76:72:f4:01:ab:5b:f2:d9:60:ca:e1:a7:6b:
b7:b3:6b:1c:e4:e4:e9:c6:ed:a6:f6:fb:65:b2:b7:
31:6c:fb:80:9b:d9:b3:40:c3:f6:82:00:b0:84:0d:
ba:da:b0:f5:62:3a:e3:b3:18:2c:33:6f:3a:95:66:
a6:0c:e3:b1:eb:01:97:36:29:16:be:16:0c:58:98:
ea:44:f8:48:25:08:5d:a7:d5:c9:16:d4:b0:c0:4d:
c9:44:13:98:aa:20:09:09:9f:0d:11:3e:c5:b1:27:
b2:2e:c7:f7:38:aa:f3:b5:4c:dd:c1:fa:a8:92:6b:
0f:25:0d:2a:aa:1e:b9:4d:57:3f:28:4d:ae:bb:0e:
b0:84:4c:89:04:8c:02:4d:2b:16:23:e5:81:73:08:
a9:4b:1e:81:08:a8:6e:8d:b1:28:cc:35:0d:0c:be:
31:fa:54:13:02:7b:74:28:6a:c1:c3:9d:99:94:c6:
6f:32:57:6f:13:12:f7:32:01:59:23:63:44:11:a8:
1c:68:a2:43:78:b3:07:b4:ed:3d:c9:55:4c:ba:12:
ac:08:15:98:75:34:8a:93:84:01:97:33:7a:fd:ce:
ce:5b:9e:29:17:0e:34:15:bd:aa:42:7c:a7:c1:c6:
c8:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:85:6D:F5:1C:42:59:0F:78:26:42:30:F5:6E:14:55:01:21:17:0F
X509v3 Authority Key Identifier:
keyid:C8:85:6D:F5:1C:42:59:0F:78:26:42:30:F5:6E:14:55:01:21:17:0F
-----BEGIN CERTIFICATE-----
MIIDrTCCApWgAwIBAgIJAMCKOAw3GxtgMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNV
BAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEYMBYGA1UE
CgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MQowCAYD
VQQDDAEqMB4XDTE5MDQwODE4Mzc1OVoXDTI5MDQwNTE4Mzc1OVowbTELMAkGA1UE
BhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMRgwFgYDVQQK
DA9HbG9iYWwgU2VjdXJpdHkxFjAUBgNVBAsMDUlUIERlcGFydG1lbnQxCjAIBgNV
BAMMASowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpoRCnE0U9Z1KP
rzIpqZ/YdnL0Aatb8tlgyuGna7ezaxzk5OnG7ab2+2WytzFs+4Cb2bNAw/aCALCE
DbrasPViOuOzGCwzbzqVZqYM47HrAZc2KRa+FgxYmOpE+EglCF2n1ckW1LDATclE
E5iqIAkJnw0RPsWxJ7Iux/c4qvO1TN3B+qiSaw8lDSqqHrlNVz8oTa67DrCETIkE
jAJNKxYj5YFzCKlLHoEIqG6NsSjMNQ0MvjH6VBMCe3QoasHDnZmUxm8yV28TEvcy
AVkjY0QRqBxookN4swe07T3JVUy6EqwIFZh1NIqThAGXM3r9zs5bnikXDjQVvapC
fKfBxsiPAgMBAAGjUDBOMB0GA1UdDgQWBBTIhW31HEJZD3gmQjD1bhRVASEXDzAf
BgNVHSMEGDAWgBTIhW31HEJZD3gmQjD1bhRVASEXDzAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQBe3rsvy47oSSithvOHRU+or42URaMrfdvpz/99lu9t
Kowbacqpc4oIzLwKLwEQaZCtVHpopcHfMbrvY4+eN0oh9EZEwbwVQnywQkvZ4yCN
TW50T1/cdmAyQlKmssO3uwjUkmsEzUbY6Rjx9AidRCzMI5pDBn5mcCWBvOrUirZS
6jBr76000HGRH7Ko8iXdSLe2w+r5KMRy6cG+mMKzQOoEToQsz/wAVA4r4Jzqh1yD
HuxCpW+MDx19CcXzPs7qEg36JZmY4rDFO4h+GLd+AWPo/B/0HRTkziIfT9/lJalX
ECGJ188OVh6aVU7EDwqX/WNK1L8D3o6Il6sgXfqyeoVn
-----END CERTIFICATE-----
Client Certificate:------>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d7:1f:6e:64:86:af:1a:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=*
Validity
Not Before: Apr 8 18:38:33 2019 GMT
Not After : Apr 5 18:38:33 2029 GMT
Subject: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=*
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:98:b8:a9:c1:dd:4e:50:2b:36:75:75:bf:4b:d9:
8e:54:90:1b:4e:fa:28:75:4a:40:e5:c7:48:d9:78:
f8:69:7d:90:c9:a7:46:bf:74:bb:30:63:1f:cb:c1:
eb:99:22:93:6a:b1:c3:27:42:e8:1a:06:ae:95:77:
bb:b2:5b:5d:33:81:39:b6:25:d6:58:be:c1:93:dc:
68:73:70:e6:2f:af:6a:c2:f9:1f:4f:1b:9d:22:82:
85:1a:c2:a8:28:3c:49:e5:ae:ee:cf:4b:a7:2d:81:
4a:b7:56:af:10:39:36:2d:7f:58:4d:c0:86:b6:d6:
84:7a:d2:db:6c:2e:03:1d:e2:60:90:7c:db:0c:20:
6d:30:60:c9:3b:f0:7d:3b:84:f8:5f:30:40:60:55:
15:74:1c:ca:cd:ff:da:c3:28:95:7b:06:c0:de:e6:
33:b7:4a:24:d6:31:7b:8d:4b:ee:10:39:2b:64:75:
33:8a:96:8f:b5:e5:b8:75:a8:2e:49:94:e5:d1:33:
7e:1c:78:98:02:13:7b:14:39:47:35:74:b3:fc:8d:
0d:1c:87:ce:5e:7a:35:1e:93:fe:ef:e0:84:34:7b:
f9:ac:52:db:9a:d0:1f:03:fe:4d:d6:f5:c3:a6:3c:
66:26:c9:b7:8d:49:56:57:a1:86:7f:1d:bd:12:0f:
4f:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:90:D3:E2:C1:1A:A8:8D:42:23:11:8F:59:86:A2:56:58:4E:0A:52
X509v3 Authority Key Identifier:
keyid:5A:90:D3:E2:C1:1A:A8:8D:42:23:11:8F:59:86:A2:56:58:4E:0A:52
-----BEGIN CERTIFICATE-----
MIIDrTCCApWgAwIBAgIJANcfbmSGrxoVMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNV
BAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEYMBYGA1UE
CgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MQowCAYD
VQQDDAEqMB4XDTE5MDQwODE4MzgzM1oXDTI5MDQwNTE4MzgzM1owbTELMAkGA1UE
BhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMRgwFgYDVQQK
DA9HbG9iYWwgU2VjdXJpdHkxFjAUBgNVBAsMDUlUIERlcGFydG1lbnQxCjAIBgNV
BAMMASowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYuKnB3U5QKzZ1
db9L2Y5UkBtO+ih1SkDlx0jZePhpfZDJp0a/dLswYx/LweuZIpNqscMnQugaBq6V
d7uyW10zgTm2JdZYvsGT3GhzcOYvr2rC+R9PG50igoUawqgoPEnlru7PS6ctgUq3
Vq8QOTYtf1hNwIa21oR60ttsLgMd4mCQfNsMIG0wYMk78H07hPhfMEBgVRV0HMrN
/9rDKJV7BsDe5jO3SiTWMXuNS+4QOStkdTOKlo+15bh1qC5JlOXRM34ceJgCE3sU
OUc1dLP8jQ0ch85eejUek/7v4IQ0e/msUtua0B8D/k3W9cOmPGYmybeNSVZXoYZ/
Hb0SD0+jAgMBAAGjUDBOMB0GA1UdDgQWBBRakNPiwRqojUIjEY9ZhqJWWE4KUjAf
BgNVHSMEGDAWgBRakNPiwRqojUIjEY9ZhqJWWE4KUjAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQBwUc01QjQSyIJ5rpeMzd1AWg4ktUkOnupZSXD8UtXr
1bf299uwFHFi91Ij3EUs+9PaVGNjoN0UYSgzxvljRECIVTOFBRb+bj/UYrTxxR3l
Tmd/2NlUQkJutN0mlg0JKms61Dheip0zBKYxpY0IoNhy+WljVME3dRhNF1v4QnHr
LGu8tg6FIzNSw8LwdAV6mwrvYC1Drle7kXC3ej7VxoIjObUKk+87PX4E9nAtXcbW
gaujM9yMjwk0KrxUpHefbtnYbXlQ647yefibh2HtQtuRmVfxjdbi+RkjxKGoXSk6
lax6jln5NA1FkxiTsSCEJ8kZsyhL++PFaWTADpTSXk2E
-----END CERTIFICATE-----
What am I trying to achieve: ----->
A mutual certificate authentication between server and client, for which I need to use the VERIFY_PEER. But I am not sure if my code is correct or if I am missing something
Issue: ---->
I encounter "SSL errors: SSL routines:tls_process_server_certificate:certificate verify failed" error when I try to connect to the server.
Am I missing any steps or doing something wrong ?
Any help is appreciated!!
The text was updated successfully, but these errors were encountered: