And when i passed ca-cert.pem to my client i got an error:
Failure(Os { code: -2146869244, kind: "The signature of the certificate cannot be verified" }
(maybe text of error is not like i wrote because i got it on russian language but after debugging i found that code is winapi code pPolicyStatus CERT_CHAIN_POLICY_BASE)
Code of client is liike:
let contents = fs::read("pki/server-cert.pem").unwrap();
let certificate = Certificate::from_pem(contents.as_slice()).unwrap();
builder.add_root_certificate(certificate);
builder.disable_built_in_roots(true);
let connector = builder.build().unwrap();
let stream = TcpStream::connect("ip_of_server:port").unwrap();
let mut stream = connector.connect("my-server.blabla", stream).unwrap();
stream.write_all(b"Hello there").unwrap();
let mut res = vec![];
stream.read_to_end(&mut res).unwrap();
println!("{}", String::from_utf8_lossy(&res));
and this code failed on "unwrap" of connector.connect("my-server.blabla", stream)
Linux client made handshake successfully.
In wireshark i see that client try to [FIN, ACK] after receive "Client Key Exchange" instead of send data to server.
What am i doing wrong?
p.s. when i generate keys in win10 linux-server panicked after parsing p12 with error:
"140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak:../ssl/ssl_rsa.c:310".
Maybe that's because win10 use weak signature algo like md5 and can't apply any stronger algo's?
I generated a keypair with:
And when i passed ca-cert.pem to my client i got an error: Failure(Os { code: -2146869244, kind: "The signature of the certificate cannot be verified" } (maybe text of error is not like i wrote because i got it on russian language but after debugging i found that code is winapi code pPolicyStatus CERT_CHAIN_POLICY_BASE) Code of client is liike:
and this code failed on "unwrap" of connector.connect("my-server.blabla", stream)
Linux client made handshake successfully.
In wireshark i see that client try to [FIN, ACK] after receive "Client Key Exchange" instead of send data to server.
What am i doing wrong?
p.s. when i generate keys in win10 linux-server panicked after parsing p12 with error: "140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak:../ssl/ssl_rsa.c:310". Maybe that's because win10 use weak signature algo like md5 and can't apply any stronger algo's?