Hello,

I am new to vibe.d and am trying to create a TLS client connection following the simple TLS client example in http://vibed.org/api/vibe.stream.tls/. This is my code:

import vibe.core.net;
import vibe.stream.tls;

void main()
{
	auto conn = connectTCP("kernel.org", 443);
	auto sslctx = createTLSContext(TLSContextKind.client);
	auto stream = createTLSStream(conn, sslctx);
	//stream.write("Hello, World!"); // Not actually sending anything at this point.
	stream.finalize();
	conn.close();
}

When running this program, I get an exception thrown:

object.Exception@../../.dub/packages/vibe-d-0.8.4/vibe-d/tls/vibe/stream/openssl.d(381): Connecting TLS tunnel: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (337047686)

So this looks like certificates are somehow missing, so I added one line to specify my system’s file of certificates:

import vibe.core.net;
import vibe.stream.tls;

void main()
{
	auto conn = connectTCP("kernel.org", 443);
	auto sslctx = createTLSContext(TLSContextKind.client);
	sslctx.useTrustedCertificateFile("/etc/ssl/certs/ca-certificates.crt"); // added this line
	auto stream = createTLSStream(conn, sslctx);
	//stream.write("Hello, World!"); // Not actually sending anything at this point.
	stream.finalize();
	conn.close();
}

Now I get a different exception thrown:

object.Exception@../../.dub/packages/vibe-d-0.8.4/vibe-d/tls/vibe/stream/openssl.d(207): Peer failed the certificate validation: 50

I found that “50” refers to X509_V_ERR_APPLICATION_VERIFICATION, returned by SSL_get_verify_result(). For this code I found documentation in the X509_STORE_CTX_get0_cert man page, describing it as

an application specific error. This will never be returned unless explicitly set by an application.

I’m a bit lost, I don’t know that much about TLS, openssl or certificates. What am I doing wrong?