1 (edited by beaveryoga 2024-01-24 04:47:22)

Topic: [SOLVED] Client verification failing

When the server has the root cert only but client sends the rest of the chain, is verification supposed to work?

Client cert chain: A(root) -> B(intermediate) -> C(end entity)

Server loads A-only as trust anchor

Client sends chain: C-B or C-B-A

Server sends

01E4463837F0000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:ssl/record/rec_layer_s3.c:1586:SSL alert number 48

wolfSSL v5.6.6-stable configured with --enable-distro --enable-pkcs11

[UPDATE] My bad: the client was sending cert C only, sorry for the noise

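The scenario from the post, as an added example that is not part of the original thread and is not wolfSSL code: it uses the `openssl` command line to build a throwaway A -> B -> C chain and checks which sent chains verify against a trust store holding only A. The file names, subject names and the functions `build_chain`, `server_accepts` and `demo` are made up for this example.

```shell
#!/usr/bin/env bash
# Constructed throwaway PKI: A (root) -> B (intermediate) -> C (end entity).
# All names and files here are invented for the example.

build_chain() {   # $1 = empty working directory
  ( cd "$1" || exit 1
    printf '[req]\ndistinguished_name=dn\n[dn]\nCN=unused\n' > req.cnf
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\n' > leaf.ext
    for n in A B C; do
      openssl req -new -newkey rsa:2048 -nodes -config req.cnf \
        -subj "/CN=Example $n" -keyout "$n.key" -out "$n.csr" || exit 1
    done
    # A signs itself, A signs B, B signs C.
    openssl x509 -req -in A.csr -signkey A.key -extfile ca.ext -days 2 -out A.pem &&
    openssl x509 -req -in B.csr -CA A.pem -CAkey A.key -CAcreateserial \
      -extfile ca.ext -days 2 -out B.pem &&
    openssl x509 -req -in C.csr -CA B.pem -CAkey B.key -CAcreateserial \
      -extfile leaf.ext -days 2 -out C.pem
  ) >/dev/null 2>&1
}

# Verify what the peer sent against a trust store that holds only A.
# $1 = dir, $2 = leaf file, $3 = optional file with the extra certs the peer sent
server_accepts() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1/A.pem" -untrusted "$1/$3" "$1/$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/A.pem" "$1/$2" >/dev/null 2>&1
  fi
}

demo() {
  dir=$(mktemp -d) || return 1
  build_chain "$dir" || { echo "chain generation failed"; return 1; }
  cat "$dir/B.pem" "$dir/A.pem" > "$dir/BA.pem"
  server_accepts "$dir" C.pem B.pem  && echo "C-B   accepted" || echo "C-B   rejected"
  server_accepts "$dir" C.pem BA.pem && echo "C-B-A accepted" || echo "C-B-A rejected"
  # Only C sent: B is missing, so no path to A can be built (the "unknown ca" case).
  server_accepts "$dir" C.pem        && echo "C     accepted" || echo "C     rejected"
  rm -rf "$dir"
}

demo
```

The `-untrusted` file stands in for the extra certificates carried in the peer's Certificate message; they only help build the path and are never trusted on their own.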