Every time I run "openssl s_client -connect example.com:443", I get a
"Verify return code: 20 (unable to get local issuer certificate)".
It works, if I specify a -CAfile. The problem is I have to specify this
_every_ time I run the command.
Would you accept a patch that uses ${OPENSSLDIR}/cert.pem as default for
-CAfile ? Or whatever you think might be better, e.g. ca-bundle.crt.
I do understand that openssl does not supply a root CA bundle, but most
systems have one installed. A lot of admins set a link or copy that bundle
into ${OPENSSLDIR}. It does not really help though, since you always have to
specify it via the -CAfile parameter.
Cheers,
Helmut
--
regards Helmut K. C. Tessarek
lookup http://sks.pkqs.net for KeyID 0xC11F128D
/*
Thou shalt not follow the NULL pointer for chaos and madness
await thee at its end.
*/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
