So as promised, I add some more information.
Unfortunately changing the port where the server is listening did not make any change. The situation is still the same. If I try directly from the server, I get a warning about the fake certificate and if I do it from elsewhere, I get the error that the server is not running SSL.
I had a look at the source code of elog.c and found the point where the error is produced. In order to produce this message, the ssl_connect should be returning -1 and this is only possible in two cases:

    if (SSL_connect(*ssl_con) <= 0)
        return -1;
    cert = SSL_get_peer_certificate(*ssl_con);
    if (cert == NULL)
        return -1;

So, in the first case, it means that the SSL connection failed completely. In the second case, the peer certificate is invalid.
Is it possible to discriminate between the two, for example by changing the return value? Unfortunately I don't have a Windows computer with development tools. So it would be great if you could prepare an executable for me with this small change.
Thanks in advance for your help,
cheers,
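
Added example, not part of the original post and not elog's own code: it uses Python's standard ssl module in place of the OpenSSL C calls quoted above and gives the two checks distinct return values, so a handshake failure can be told apart from a missing peer certificate. The names classify_handshake, HANDSHAKE_FAILED and NO_PEER_CERT, the -2 value and the sample peer bytes are constructed for this example.

```python
import ssl

OK = 0
HANDSHAKE_FAILED = -1  # the SSL_connect(...) <= 0 branch
NO_PEER_CERT = -2      # the SSL_get_peer_certificate(...) == NULL branch

# Constructed sample input: what a plain-HTTP listener sends back.
PLAINTEXT_REPLY = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"


def classify_handshake(peer_bytes):
    """Run a client handshake against canned peer bytes; return (code, detail)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic only: verification is off so that the two checks below are
    # the only things that decide the result.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    if peer_bytes:
        incoming.write(peer_bytes)
    incoming.write_eof()  # the peer has nothing more to send
    tls = ctx.wrap_bio(incoming, outgoing)

    try:
        tls.do_handshake()
    except ssl.SSLError as exc:
        # reason is OpenSSL's short code for the failure, when it supplies one
        return HANDSHAKE_FAILED, getattr(exc, "reason", None) or type(exc).__name__

    if tls.getpeercert(binary_form=True) is None:
        return NO_PEER_CERT, "handshake completed, peer presented no certificate"
    return OK, "handshake completed, peer certificate present"


if __name__ == "__main__":
    for label, data in (("plaintext reply", PLAINTEXT_REPLY), ("silent peer", b"")):
        print(label, "->", classify_handshake(data))
```

The detail string returned with HANDSHAKE_FAILED is the reason OpenSSL reports, which is what separates a port answering in plaintext from one that closes the connection without replying.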