SSL errors: SSL routines:tls_process_server_certificate:certificate verify failed
shekharHPE opened this issue · 2 comments
Client Code: --->
ctx, err := openssl.NewCtxFromFiles("./client_cert/public/client.crt", "./client_cert/private/client.key")
if err != nil {
log.Fatal(err)
}
err = ctx.LoadVerifyLocations("", "./public/server_cert")
if err != nil {
log.Fatal(err)
}
ctx.SetVerify(openssl.VerifyPeer, nil)
fmt.Println("here1:")
conn, err := openssl.Dial("tcp", "localhost:8443", ctx, 0)
fmt.Println("here2:")
if err != nil {
fmt.Println(err.Error())
return
}
Server Code: ----->
ctx, err := openssl.NewCtxFromFiles("./server_cert/public/server.crt", "./server_cert/private/server.key")
if err != nil {
log.Fatal(err)
}
err = ctx.LoadVerifyLocations("", "./public/client_cert")
if err != nil {
log.Fatal(err)
}
ctx.SetVerify(openssl.VerifyPeer, nil)
l, err := openssl.Listen("tcp", "localhost:8443", ctx)
if err != nil {
fmt.Println("Error listening:", err.Error())
os.Exit(1)
}
// Close the listener when the application closes.
defer l.Close()
for {
// Listen for an incoming connection.
conn, err := l.Accept()
if err != nil {
fmt.Println("Error accepting: ", err.Error())
os.Exit(1)
}
// Handle connections in a new goroutine.
go handleRequest(conn)
}
}
Server Certificate: ---------->
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c0:8a:38:0c:37:1b:1b:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=*
Validity
Not Before: Apr 8 18:37:59 2019 GMT
Not After : Apr 5 18:37:59 2029 GMT
Subject: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=*
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a9:a1:10:a7:13:45:3d:67:52:8f:af:32:29:a9:
9f:d8:76:72:f4:01:ab:5b:f2:d9:60:ca:e1:a7:6b:
b7:b3:6b:1c:e4:e4:e9:c6:ed:a6:f6:fb:65:b2:b7:
31:6c:fb:80:9b:d9:b3:40:c3:f6:82:00:b0:84:0d:
ba:da:b0:f5:62:3a:e3:b3:18:2c:33:6f:3a:95:66:
a6:0c:e3:b1:eb:01:97:36:29:16:be:16:0c:58:98:
ea:44:f8:48:25:08:5d:a7:d5:c9:16:d4:b0:c0:4d:
c9:44:13:98:aa:20:09:09:9f:0d:11:3e:c5:b1:27:
b2:2e:c7:f7:38:aa:f3:b5:4c:dd:c1:fa:a8:92:6b:
0f:25:0d:2a:aa:1e:b9:4d:57:3f:28:4d:ae:bb:0e:
b0:84:4c:89:04:8c:02:4d:2b:16:23:e5:81:73:08:
a9:4b:1e:81:08:a8:6e:8d:b1:28:cc:35:0d:0c:be:
31:fa:54:13:02:7b:74:28:6a:c1:c3:9d:99:94:c6:
6f:32:57:6f:13:12:f7:32:01:59:23:63:44:11:a8:
1c:68:a2:43:78:b3:07:b4:ed:3d:c9:55:4c:ba:12:
ac:08:15:98:75:34:8a:93:84:01:97:33:7a:fd:ce:
ce:5b:9e:29:17:0e:34:15:bd:aa:42:7c:a7:c1:c6:
c8:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:85:6D:F5:1C:42:59:0F:78:26:42:30:F5:6E:14:55:01:21:17:0F
X509v3 Authority Key Identifier:
keyid:C8:85:6D:F5:1C:42:59:0F:78:26:42:30:F5:6E:14:55:01:21:17:0F
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
5e:de:bb:2f:cb:8e:e8:49:28:ad:86:f3:87:45:4f:a8:af:8d:
94:45:a3:2b:7d:db:e9:cf:ff:7d:96:ef:6d:2a:8c:1b:69:ca:
a9:73:8a:08:cc:bc:0a:2f:01:10:69:90:ad:54:7a:68:a5:c1:
df:31:ba:ef:63:8f:9e:37:4a:21:f4:46:44:c1:bc:15:42:7c:
b0:42:4b:d9:e3:20:8d:4d:6e:74:4f:5f:dc:76:60:32:42:52:
a6:b2:c3:b7:bb:08:d4:92:6b:04:cd:46:d8:e9:18:f1:f4:08:
9d:44:2c:cc:23:9a:43:06:7e:66:70:25:81:bc:ea:d4:8a:b6:
52:ea:30:6b:ef:ad:34:d0:71:91:1f:b2:a8:f2:25:dd:48:b7:
b6:c3:ea:f9:28:c4:72:e9:c1:be:98:c2:b3:40:ea:04:4e:84:
2c:cf:fc:00:54:0e:2b:e0:9c:ea:87:5c:83:1e:ec:42:a5:6f:
8c:0f:1d:7d:09:c5:f3:3e:ce:ea:12:0d:fa:25:99:98:e2:b0:
c5:3b:88:7e:18:b7:7e:01:63:e8:fc:1f:f4:1d:14:e4:ce:22:
1f:4f:df:e5:25:a9:57:10:21:89:d7:cf:0e:56:1e:9a:55:4e:
c4:0f:0a:97:fd:63:4a:d4:bf:03:de:8e:88:97:ab:20:5d:fa:
b2:7a:85:67
-----BEGIN CERTIFICATE-----
MIIDrTCCApWgAwIBAgIJAMCKOAw3GxtgMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNV
BAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEYMBYGA1UE
CgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MQowCAYD
VQQDDAEqMB4XDTE5MDQwODE4Mzc1OVoXDTI5MDQwNTE4Mzc1OVowbTELMAkGA1UE
BhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMRgwFgYDVQQK
DA9HbG9iYWwgU2VjdXJpdHkxFjAUBgNVBAsMDUlUIERlcGFydG1lbnQxCjAIBgNV
BAMMASowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpoRCnE0U9Z1KP
rzIpqZ/YdnL0Aatb8tlgyuGna7ezaxzk5OnG7ab2+2WytzFs+4Cb2bNAw/aCALCE
DbrasPViOuOzGCwzbzqVZqYM47HrAZc2KRa+FgxYmOpE+EglCF2n1ckW1LDATclE
E5iqIAkJnw0RPsWxJ7Iux/c4qvO1TN3B+qiSaw8lDSqqHrlNVz8oTa67DrCETIkE
jAJNKxYj5YFzCKlLHoEIqG6NsSjMNQ0MvjH6VBMCe3QoasHDnZmUxm8yV28TEvcy
AVkjY0QRqBxookN4swe07T3JVUy6EqwIFZh1NIqThAGXM3r9zs5bnikXDjQVvapC
fKfBxsiPAgMBAAGjUDBOMB0GA1UdDgQWBBTIhW31HEJZD3gmQjD1bhRVASEXDzAf
BgNVHSMEGDAWgBTIhW31HEJZD3gmQjD1bhRVASEXDzAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQBe3rsvy47oSSithvOHRU+or42URaMrfdvpz/99lu9t
Kowbacqpc4oIzLwKLwEQaZCtVHpopcHfMbrvY4+eN0oh9EZEwbwVQnywQkvZ4yCN
TW50T1/cdmAyQlKmssO3uwjUkmsEzUbY6Rjx9AidRCzMI5pDBn5mcCWBvOrUirZS
6jBr76000HGRH7Ko8iXdSLe2w+r5KMRy6cG+mMKzQOoEToQsz/wAVA4r4Jzqh1yD
HuxCpW+MDx19CcXzPs7qEg36JZmY4rDFO4h+GLd+AWPo/B/0HRTkziIfT9/lJalX
ECGJ188OVh6aVU7EDwqX/WNK1L8D3o6Il6sgXfqyeoVn
-----END CERTIFICATE-----
Client Certificate:------>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d7:1f:6e:64:86:af:1a:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=*
Validity
Not Before: Apr 8 18:38:33 2019 GMT
Not After : Apr 5 18:38:33 2029 GMT
Subject: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=*
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:98:b8:a9:c1:dd:4e:50:2b:36:75:75:bf:4b:d9:
8e:54:90:1b:4e:fa:28:75:4a:40:e5:c7:48:d9:78:
f8:69:7d:90:c9:a7:46:bf:74:bb:30:63:1f:cb:c1:
eb:99:22:93:6a:b1:c3:27:42:e8:1a:06:ae:95:77:
bb:b2:5b:5d:33:81:39:b6:25:d6:58:be:c1:93:dc:
68:73:70:e6:2f:af:6a:c2:f9:1f:4f:1b:9d:22:82:
85:1a:c2:a8:28:3c:49:e5:ae:ee:cf:4b:a7:2d:81:
4a:b7:56:af:10:39:36:2d:7f:58:4d:c0:86:b6:d6:
84:7a:d2:db:6c:2e:03:1d:e2:60:90:7c:db:0c:20:
6d:30:60:c9:3b:f0:7d:3b:84:f8:5f:30:40:60:55:
15:74:1c:ca:cd:ff:da:c3:28:95:7b:06:c0:de:e6:
33:b7:4a:24:d6:31:7b:8d:4b:ee:10:39:2b:64:75:
33:8a:96:8f:b5:e5:b8:75:a8:2e:49:94:e5:d1:33:
7e:1c:78:98:02:13:7b:14:39:47:35:74:b3:fc:8d:
0d:1c:87:ce:5e:7a:35:1e:93:fe:ef:e0:84:34:7b:
f9:ac:52:db:9a:d0:1f:03:fe:4d:d6:f5:c3:a6:3c:
66:26:c9:b7:8d:49:56:57:a1:86:7f:1d:bd:12:0f:
4f:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:90:D3:E2:C1:1A:A8:8D:42:23:11:8F:59:86:A2:56:58:4E:0A:52
X509v3 Authority Key Identifier:
keyid:5A:90:D3:E2:C1:1A:A8:8D:42:23:11:8F:59:86:A2:56:58:4E:0A:52
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
70:51:cd:35:42:34:12:c8:82:79:ae:97:8c:cd:dd:40:5a:0e:
24:b5:49:0e:9e:ea:59:49:70:fc:52:d5:eb:d5:b7:f6:f7:db:
b0:14:71:62:f7:52:23:dc:45:2c:fb:d3:da:54:63:63:a0:dd:
14:61:28:33:c6:f9:63:44:40:88:55:33:85:05:16:fe:6e:3f:
d4:62:b4:f1:c5:1d:e5:4e:67:7f:d8:d9:54:42:42:6e:b4:dd:
26:96:0d:09:2a:6b:3a:d4:38:5e:8a:9d:33:04:a6:31:a5:8d:
08:a0:d8:72:f9:69:63:54:c1:37:75:18:4d:17:5b:f8:42:71:
eb:2c:6b:bc:b6:0e:85:23:33:52:c3:c2:f0:74:05:7a:9b:0a:
ef:60:2d:43:ae:57:bb:91:70:b7:7a:3e:d5:c6:82:23:39:b5:
0a:93:ef:3b:3d:7e:04:f6:70:2d:5d:c6:d6:81:ab:a3:33:dc:
8c:8f:09:34:2a:bc:54:a4:77:9f:6e:d9:d8:6d:79:50:eb:8e:
f2:79:f8:9b:87:61:ed:42:db:91:99:57:f1:8d:d6:e2:f9:19:
23:c4:a1:a8:5d:29:3a:95:ac:7a:8e:59:f9:34:0d:45:93:18:
93:b1:20:84:27:c9:19:b3:28:4b:fb:e3:c5:69:64:c0:0e:94:
d2:5e:4d:84
-----BEGIN CERTIFICATE-----
MIIDrTCCApWgAwIBAgIJANcfbmSGrxoVMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNV
BAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEYMBYGA1UE
CgwPR2xvYmFsIFNlY3VyaXR5MRYwFAYDVQQLDA1JVCBEZXBhcnRtZW50MQowCAYD
VQQDDAEqMB4XDTE5MDQwODE4MzgzM1oXDTI5MDQwNTE4MzgzM1owbTELMAkGA1UE
BhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMRgwFgYDVQQK
DA9HbG9iYWwgU2VjdXJpdHkxFjAUBgNVBAsMDUlUIERlcGFydG1lbnQxCjAIBgNV
BAMMASowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYuKnB3U5QKzZ1
db9L2Y5UkBtO+ih1SkDlx0jZePhpfZDJp0a/dLswYx/LweuZIpNqscMnQugaBq6V
d7uyW10zgTm2JdZYvsGT3GhzcOYvr2rC+R9PG50igoUawqgoPEnlru7PS6ctgUq3
Vq8QOTYtf1hNwIa21oR60ttsLgMd4mCQfNsMIG0wYMk78H07hPhfMEBgVRV0HMrN
/9rDKJV7BsDe5jO3SiTWMXuNS+4QOStkdTOKlo+15bh1qC5JlOXRM34ceJgCE3sU
OUc1dLP8jQ0ch85eejUek/7v4IQ0e/msUtua0B8D/k3W9cOmPGYmybeNSVZXoYZ/
Hb0SD0+jAgMBAAGjUDBOMB0GA1UdDgQWBBRakNPiwRqojUIjEY9ZhqJWWE4KUjAf
BgNVHSMEGDAWgBRakNPiwRqojUIjEY9ZhqJWWE4KUjAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQBwUc01QjQSyIJ5rpeMzd1AWg4ktUkOnupZSXD8UtXr
1bf299uwFHFi91Ij3EUs+9PaVGNjoN0UYSgzxvljRECIVTOFBRb+bj/UYrTxxR3l
Tmd/2NlUQkJutN0mlg0JKms61Dheip0zBKYxpY0IoNhy+WljVME3dRhNF1v4QnHr
LGu8tg6FIzNSw8LwdAV6mwrvYC1Drle7kXC3ej7VxoIjObUKk+87PX4E9nAtXcbW
gaujM9yMjwk0KrxUpHefbtnYbXlQ647yefibh2HtQtuRmVfxjdbi+RkjxKGoXSk6
lax6jln5NA1FkxiTsSCEJ8kZsyhL++PFaWTADpTSXk2E
-----END CERTIFICATE-----
What am I trying to achieve: ----->
A mutual certificate authentication between server and client, for which I need to use the VERIFY_PEER. But I am not sure if my code is correct or if I am missing something
Issue: ---->
I encounter "SSL errors: SSL routines:tls_process_server_certificate:certificate verify failed" error when I try to connect to the server.
Am I missing any steps or doing something wrong ?
Any help is appreciated!!
If anyone could share a code-snippet for Mutual Certificate authentication with Verify_Peer, even that would be helpful
conn, err := openssl.Dial("tcp", "localhost:8443", ctx, openssl.InsecureSkipHostVerification)