webMethods Knowlegebase : Nirvana C++ iOS SDK 64bit with OpenSSL Implementation (1761043)

Problem

Customer application gets a certificate error when running with the new 64-bit NUM iOS client library released as v706.

Exception: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Failed to connect to Realm on first attempt RNAME[0] was nhps://p3.svr.us.net:9409/ <nhps://p3.svr.us.net:9409/> nSession: Unable to connect to remote server

Customer requested an iOS NUM 64-bit client library that does not have OpenSSL linked in to it. This was delivered as v706 of the client library.

The application runs fine if no SSL is used. The same application with the previous version of the Nirvana library runs fine. Only when replacing the libraries in the same application with the new 64-bit ones, does the site get the SSL error and can’t connect to the realm.

The 64-bit client was tested with both OpenSSL 101.j and 101.h, with no difference in results.

The certificate is a Verisign one, and the OpenSSL verify utility confirms that it is valid.

Testing with the OpenSSL s_client and the Verisign certificate also shows a normal handshake with the NUM server.

Usually certificate verification errors are caused by a missing or invalid certificate in the truststore, or a different truststore being loaded than the expected one.

Turn on SSL tracing for the NUM server by adding Java property...

DJavax.net.debug=all

...to the realms nserver.lax file.

This will show the certificates sent to the server when the client attempts to log on.