I've got a C* setup with SSL enabled (per node certs with CN set to hostname) and client-to-node encryption. While cqlsh work correctly I can't get the cpp-driver to verify certificate (with verification disabled I can connect to that node). It throws following error:
Error verifying peer certificate: self signed certificate in certificate chain.
openssl is able to verify node certificate with the ca chain specified (same used by the driver):
# openssl s_client -connect node:9042 -showcerts -CAfile /etc/certs/ca.pem
[!snip]
No client certificate CA names sent
---
SSL handshake has read 3794 bytes and written 325 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
[!snip]
Verify return code: 0 (ok)
Any ideas on what can go wrong here?
Cheers,
-Jacek
--
You received this message because you are subscribed to the Google Groups "DataStax C++ Driver for Apache Cassandra User Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cpp-driver-user+unsubscribe@lists.datastax.com.
To unsubscribe from this group and stop receiving emails from it, send an email to cpp-driver-user+unsubscribe@lists.datastax.com.