Question : IRC SSL certificate verification

hello

I'm going to develop an IRC client that supports SSL. I use opnSSL for my SSL connections. I installed Unreal3.2.8.1 as IRC server on my laptop. It works, because I can login using SSL by mIRC. server works using SSL.

now, I have a problem with SSL certificate verification in my application. I got a code that copied in code snipet.

connect_encrypted function connects to localhost:6697 that UnrealIRCd listens for SSL connections. but SSL_get_verify_result function always return:
#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18

I read a lot and got that there are two ways for verification:
1- SSL_CTX_set_verify
2- SSL_get_verify_result and then SSL_CTX_set_verify (like my code)

how can I verify the certificate of UnrealIRCd?

thank you very much
Best Regards

         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:

           
           
          BIO* connect_encrypted(char* host_and_port, char* store_path, char store_type, SSL_CTX** ctx, SSL** ssl) {  
  
    BIO* bio = NULL;  
    int r = 0;  
  
    /* Set up the SSL pointers */  
    *ctx = SSL_CTX_new(SSLv23_client_method());  
    *ssl = NULL;  
  
    /* Load the trust store from the pem location in argv[2] */  
    //r = SSL_CTX_load_verify_locations(*ctx, store_path, "server.req.pem");
	if (store_type == 'f')  
        r = SSL_CTX_load_verify_locations(*ctx, store_path, NULL);  
    else  
        r = SSL_CTX_load_verify_locations(*ctx, NULL, store_path);
    if (r == 0) {  
  
        print_ssl_error_2("Unable to load the trust store from %s.\n", store_path, stdout);  
        return NULL;  
    }  
	
    /* Setting up the BIO SSL object */  
    bio = BIO_new_ssl_connect(*ctx);  
    BIO_get_ssl(bio, ssl);  
    if (!(*ssl)) {  
  
        print_ssl_error("Unable to allocate SSL pointer.\n", stdout);  
        return NULL;  
    }  
    SSL_set_mode(*ssl, SSL_MODE_AUTO_RETRY);  
  
    /* Attempt to connect */  
    BIO_set_conn_hostname(bio, host_and_port);  
  
    /* Verify the connection opened and perform the handshake */  
    if (BIO_do_connect(bio) < 1) {  
  
        print_ssl_error_2("Unable to connect BIO.%s\n", host_and_port, stdout);  
        return NULL;  
    }  
  
    if (SSL_get_verify_result(*ssl) != X509_V_OK) {  
		printf("Error: %s\n", ERR_reason_error_string(ERR_get_error()));
		print_ssl_error("Unable to verify connection result.\n", stdout);  
    }
    return bio;  
}

           
         

Attachments:

server.cert.pem.txt (891 bytes) (File Type Details)

these files are in UnrealIRCd program files folder

server.key.pem.txt (887 bytes) (File Type Details)

these files are in UnrealIRCd program files folder

server.req.pem.txt (651 bytes) (File Type Details)

these files are in UnrealIRCd program files folder

Answer : IRC SSL certificate verification

This is the overview:
Using CAPICOM
http://msdn.microsoft.com/en-us/library/aa388154(VS.85).aspx

More specific to your needs:
Adding Certificates to a Certificate Store
http://msdn.microsoft.com/en-us/library/aa375541(VS.85).aspx

And a little more low level:
CertAddCertificateContextToStore Function
http://msdn.microsoft.com/en-us/library/aa376009(VS.85).aspx

Let me know if that helps. :-)

Dave Dietz