Hello,
Adding some more infor about openssl version used: /etc/trusted_certs # openssl version -a OpenSSL 1.0.1e-fips 11 Feb 2013 built on: Wed Oct 16 10:54:53 EDT 2013 platform: linux-generic32 options: bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr) compiler: armv7at2vfpneon-target-linux-gnueabi-gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIO -Wall -g -Os -fomit-frame-pointer -pipek OPENSSLDIR: "/usr/lib/ssl" engines: dynamic Is it something wrong about the way is compiled? Regards, Ionut On Mon, Jan 20, 2014 at 1:39 PM, Putinei .Ionut <putineiio...@gmail.com>wrote: > Hello guys, > > > seen in changelog > > The functions X509_STORE_add_cert() now checks for an > exact match, rather than just subject name. > > Can someone please explain me how to debug this and make things work? > Maybe because certificates are wrong...or using deprecated api? > > > PS: the problem with validate peer on ssl connection was solved by setting > the clock properly. > Still need to load the trust chain so I can verify some signed xmls. > > Thanks, > Ionut > > > On Tue, Jan 14, 2014 at 2:52 PM, Putinei .Ionut <putineiio...@gmail.com>wrote: > >> Hello guys, >> >> I do not know if this is a openssl issue or curl/xmlsec. >> I have certificates for trust chain (x509) that are not loaded by >> xmlsec and also does not validate peer on ssl connection. >> >> The fails in xmlsec report error at openssl function <X509_STORE_add_cert> >> >> Run environment is arm. >> xmlsec library on host (x86) it works it works ----is same version. >> >> On host openssl is older.....the default version from ubuntu 12.04 and i >> have no problems ..neither with errors from xmlsec neither from curl. >> >> *certifcates have same md5sum both on host and arm environment. >> >> >> If you know a patch that is must apply please share. >> >> Thanks, >> Ionut >> >> >> >> >