Hi openssl-er, I'm newbie in the openssl. Recently, I ported the openssl to my embedded linux device and ran the openssl command. But there was an error occured. I had done google search a lot, but I didn't find the answer. My issue is strange, my test steps like below: 1. copy the openssl, libs, cacert.pem to the embedded linux platform.
2. run the command: /tmp #:./openssl s_client -connect curl.haxx.se:443 -CAfile /tmp/cacert.pem 3. the error log is ------log ---------------- CONNECTED(00000003) depth=0 CN = anja.haxx.se verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 CN = anja.haxx.se verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/CN=anja.haxx.se i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 i:/O=Digital Signature Trust Co./CN=DST Root CA X3 --- Server certificate ---------------------------------- 4. my openssl version -d and version is /tmp # ./openssl version OpenSSL 1.1.0c 10 Nov 2016 /tmp # ./openssl version -d OPENSSLDIR: "/home/georgeyang/workspace/speech_code/openssl/openssl/final" 5. In my PC, I found this command worked well. It could return the ok value. Although the openssl version is 1.0.1f. So I think my cacert.pem is right. 6. I also used other command like: /tmp # ./openssl s_client -connect curl.haxx.se:443 -CApath /tmp/cacert.pem /tmp # ./openssl s_client -CApath /home/georgeyang/workspace/speech_code/openssl/openssl/final/ -connect curl.haxx.se:443 /tmp # ./openssl s_client -connect curl.haxx.se:443 -servername curl.haxx.se -key /etc/ssl/private/ssl-cert-snakeoil.key -CAfile /etc/ssl/certs/cacert.pem But they are all NG. In google, they all said -CAfile or -CApath could help, But it doesn't work for me. >"< Please help Thx
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users