I was recently working on a project which required revolved around the OpenSSL library. For those of you who have played around with OpenSSL in the past, you know the error messages are not very helpful.
8#0: *3 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: 192.168.99.1, server: 0.0.0.0:443
I get it, a bad certificate is bad, but what the hell is alert number 42?
Cracking the code
Just like everything when it comes to development, always go back to the source. This tactic has proved extremely successful for me.
Using the header filer from the OpenSSL project, like in the GitHub link below, you are able to turn it into a Rosetta stone and provide context in the errors.
If you search for the constant value from the OpenSSL error, you can find the name of the constant, in this instance
# define X509_V_ERR_INVALID_POLICY_EXTENSION 42
The next steps would be to look at your implementation and correct any invalid policy extensions.
comments powered by Disqus