On Tue, 26 Jul 2011 21:22:47 +0200, Arno Schuring wrote: (...)
I've carefully read your tests below and I get the same as you. > So I guess the original question is solved, "put the certificate in > /usr/local/share/ca-certificates" is really the correct solution. Okay. > But then there are two more questions open: > - why does openssl respond differently when I specify a CApath that > should be the system default? Dunno, but look: sm01@stt008:~$ openssl version -a | grep -i ssldir OPENSSLDIR: "/usr/lib/ssl" And there is a symlink there to the proper path for certs: sm01@stt008:~$ ls -la /usr/lib/ssl total 43 drwxr-xr-x 4 root root 176 ene 6 2011 . drwxr-xr-x 145 root root 43512 jul 6 13:24 .. lrwxrwxrwx 1 root root 14 nov 14 2009 certs -> /etc/ssl/certs drwxr-xr-x 2 root root 336 ene 6 2011 engines drwxr-xr-x 2 root root 192 ene 6 2011 misc lrwxrwxrwx 1 root root 20 ene 6 2011 openssl.cnf -> /etc/ssl/openssl.cnf lrwxrwxrwx 1 root root 16 nov 14 2009 private -> /etc/ssl/private So why if we don't specify the "-CApath" this does not work? :-? > - what is the correct way to check whether a ca-certificate is installed > correctly? Maye this the expected when issuing openssl from command line? Because the symlink seems to be working fine: openssl s_client -connect pop.gmail.com:995 -showcerts -CApath /usr/lib/ssl (...) Verify return code: 0 (ok) Greetings, -- Camaleón -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
