easyaccess
Member
I have spent more than a week trying to solve this issue. I also searched through this forum thoroughly, but I only can get this far. I guess it is time for me to ask for more help from you experts :-(
Any hint or sample code for openssl or native objective-c code would be helpful.
I can use command line openssl to connect to M1 on MacOS:
openssl s_client -connect ip_address:2601 -crfl
The following info is printed for the connection:
CONNECTED(00000003)
depth=0 /C=US/ST=NC/L=Hildebran/O=Elk/OU=Engineering/CN=M1XEP
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=NC/L=Hildebran/O=Elk/OU=Engineering/CN=M1XEP
verify error:num=10:certificate has expired
notAfter=Jun 18 17:42:34 2011 GMT
verify return:1
depth=0 /C=US/ST=NC/L=Hildebran/O=Elk/OU=Engineering/CN=M1XEP
notAfter=Jun 18 17:42:34 2011 GMT
verify return:1
---
Certificate chain
0 s:/C=US/ST=NC/L=Hildebran/O=Elk/OU=Engineering/CN=M1XEP
i:/C=US/ST=NC/L=Hildebran/O=Elk/OU=Engineering/CN=M1XEP
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICdTCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJVUzEL
MAkGA1UECBMCTkMxEjAQBgNVBAcTCUhpbGRlYnJhbjEMMAoGA1UEChMDRWxrMRQw
EgYDVQQLEwtFbmdpbmVlcmluZzEOMAwGA1UEAxMFTTFYRVAwHhcNMTAwNjE4MTc0
MjM0WhcNMTEwNjE4MTc0MjM0WjBiMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTkMx
EjAQBgNVBAcTCUhpbGRlYnJhbjEMMAoGA1UEChMDRWxrMRQwEgYDVQQLEwtFbmdp
bmVlcmluZzEOMAwGA1UEAxMFTTFYRVAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
0uff81UIherLT0Rdi/TJjg1HNFPlB50lXpzTKkXtXuL6neNMVPeKU+E3LPtcwrU+
kMBXkFcjQ8neN7q4QXITbwIDAQABo4G/MIG8MB0GA1UdDgQWBBSaRB+cQV+2fDHB
yPf/sfKFQ9rhOTCBjAYDVR0jBIGEMIGBgBSaRB+cQV+2fDHByPf/sfKFQ9rhOaFm
pGQwYjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRIwEAYDVQQHEwlIaWxkZWJy
YW4xDDAKBgNVBAoTA0VsazEUMBIGA1UECxMLRW5naW5lZXJpbmcxDjAMBgNVBAMT
BU0xWEVQggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADQQBJ5hZG8FGI
+lEIrZo47c57oHZW2EegmbGaK02PUopYqzV3pu4pITm2k+zddIONMxq2aj5r/qLs
EilImfw8nLHI
-----END CERTIFICATE-----
subject=/C=US/ST=NC/L=Hildebran/O=Elk/OU=Engineering/CN=M1XEP
issuer=/C=US/ST=NC/L=Hildebran/O=Elk/OU=Engineering/CN=M1XEP
---
No client certificate CA names sent
---
SSL handshake has read 790 bytes and written 264 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 512 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 5F08640FD8CCAAB3DFE2F459DA07D7DC854B75E9C7EA3F2D473E653ED46EB416
Session-ID-ctx:
Master-Key: 9A76460387A14B748F3AA2C846FA611917E44C5AB7D4681A446C69B784567C6F6106133E771913AFBFC6781B063BF37E
Key-Arg : None
Start Time: 1346042926
Timeout : 300 (sec)
Verify return code: 10 (certificate has expired)
---
However, after I port the whole openssl package to ios and try to use C code to connect to M1, it always fails and get me following info:
CONNECTED(00000003)
140735215864252:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 14 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1346142021
Timeout : 300 (sec)
Verify return code: 0 (ok)
Any hint or sample code for openssl or native objective-c code would be helpful.
I can use command line openssl to connect to M1 on MacOS:
openssl s_client -connect ip_address:2601 -crfl
The following info is printed for the connection:
CONNECTED(00000003)
depth=0 /C=US/ST=NC/L=Hildebran/O=Elk/OU=Engineering/CN=M1XEP
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=NC/L=Hildebran/O=Elk/OU=Engineering/CN=M1XEP
verify error:num=10:certificate has expired
notAfter=Jun 18 17:42:34 2011 GMT
verify return:1
depth=0 /C=US/ST=NC/L=Hildebran/O=Elk/OU=Engineering/CN=M1XEP
notAfter=Jun 18 17:42:34 2011 GMT
verify return:1
---
Certificate chain
0 s:/C=US/ST=NC/L=Hildebran/O=Elk/OU=Engineering/CN=M1XEP
i:/C=US/ST=NC/L=Hildebran/O=Elk/OU=Engineering/CN=M1XEP
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICdTCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJVUzEL
MAkGA1UECBMCTkMxEjAQBgNVBAcTCUhpbGRlYnJhbjEMMAoGA1UEChMDRWxrMRQw
EgYDVQQLEwtFbmdpbmVlcmluZzEOMAwGA1UEAxMFTTFYRVAwHhcNMTAwNjE4MTc0
MjM0WhcNMTEwNjE4MTc0MjM0WjBiMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTkMx
EjAQBgNVBAcTCUhpbGRlYnJhbjEMMAoGA1UEChMDRWxrMRQwEgYDVQQLEwtFbmdp
bmVlcmluZzEOMAwGA1UEAxMFTTFYRVAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
0uff81UIherLT0Rdi/TJjg1HNFPlB50lXpzTKkXtXuL6neNMVPeKU+E3LPtcwrU+
kMBXkFcjQ8neN7q4QXITbwIDAQABo4G/MIG8MB0GA1UdDgQWBBSaRB+cQV+2fDHB
yPf/sfKFQ9rhOTCBjAYDVR0jBIGEMIGBgBSaRB+cQV+2fDHByPf/sfKFQ9rhOaFm
pGQwYjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRIwEAYDVQQHEwlIaWxkZWJy
YW4xDDAKBgNVBAoTA0VsazEUMBIGA1UECxMLRW5naW5lZXJpbmcxDjAMBgNVBAMT
BU0xWEVQggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADQQBJ5hZG8FGI
+lEIrZo47c57oHZW2EegmbGaK02PUopYqzV3pu4pITm2k+zddIONMxq2aj5r/qLs
EilImfw8nLHI
-----END CERTIFICATE-----
subject=/C=US/ST=NC/L=Hildebran/O=Elk/OU=Engineering/CN=M1XEP
issuer=/C=US/ST=NC/L=Hildebran/O=Elk/OU=Engineering/CN=M1XEP
---
No client certificate CA names sent
---
SSL handshake has read 790 bytes and written 264 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 512 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 5F08640FD8CCAAB3DFE2F459DA07D7DC854B75E9C7EA3F2D473E653ED46EB416
Session-ID-ctx:
Master-Key: 9A76460387A14B748F3AA2C846FA611917E44C5AB7D4681A446C69B784567C6F6106133E771913AFBFC6781B063BF37E
Key-Arg : None
Start Time: 1346042926
Timeout : 300 (sec)
Verify return code: 10 (certificate has expired)
---
However, after I port the whole openssl package to ios and try to use C code to connect to M1, it always fails and get me following info:
CONNECTED(00000003)
140735215864252:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 14 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1346142021
Timeout : 300 (sec)
Verify return code: 0 (ok)