3

I am new to HTTPS/SSL. I need to write an HTTPS client which will reject all connections by saying unknown CA. As I understand (through a Wireshark capture), during an SSL connection the client first sends the 'client hello' message. In reply, the server sends a message with three records: 'server hello', certificate, and 'server hello done'.

What I am trying to achieve here is that when the server sends the certificate, the client should always reject it.

I am trying to achieve it with the following code, but no luck.

How can I get LWP to validate SSL server certificates?

It's OK if the solution is in some other language.

rpg

1 Answer

0

It should be enough to do the connection with no (or dummy) CA certificates known to the client. Have you tried setting SSL_ca_path and SSL_ca_file to dummy values?

Edit:

If any language goes, why not try openssl's s_client?

openssl s_client -connect www.stackoverflow.com:443
Anders Lindahl
  • Does the SSL library you are using actually verify the CA? It might be accepting any certificate. – Anders Lindahl Jul 08 '11 at 07:36
  • It looks to me that the SSL library is not verifying the CA. I can pass any value to SSL_ca_file and it's still working. – rpg Jul 08 '11 at 07:56
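
Added example, not part of the original thread and not code from either poster: a Python sketch of the approach the answer suggests (a client with no CA certificates), next to a client with verification switched off, which is the situation the comments describe where any CA file value "still works". The host name `server.example` and the function names are assumptions made for illustration.

```python
import socket
import ssl


def reject_all_context() -> ssl.SSLContext:
    """TLS client context that trusts no CA, so every chain fails to verify."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Deliberately no load_default_certs() / load_verify_locations():
    # the trust store stays empty.
    return ctx


def non_verifying_context() -> ssl.SSLContext:
    """For contrast: verification off, so the trust store is never consulted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def probe(host: str, port: int, ctx: ssl.SSLContext, timeout: float = 5.0) -> str:
    """Attempt a handshake; report whether the certificate was accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "accepted"
    except ssl.SSLCertVerificationError as exc:
        # The handshake is aborted after the server's Certificate message;
        # OpenSSL reports the missing issuer to the peer as a fatal alert.
        return f"rejected: {exc.verify_message}"


if __name__ == "__main__":
    # Hypothetical target (assumption); replace with the server under test.
    host, port = "server.example", 443
    print("empty trust store:", probe(host, port, reject_all_context()))
    print("verification off: ", probe(host, port, non_verifying_context()))
```

If the first probe reports "accepted", the client library is not enforcing verification at all, and changing CA file or path settings will have no effect until it does.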