Milan Sova <[EMAIL PROTECTED]>:
> [...] the verify_callback() function always gets
> X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN error
> and never X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT in ctx->error.
> Using openssl binary (there are no certificates in /tmp):
> $ openssl s_client -connect svti.feld.cvut.cz:443 -verify 3 -CApath /tmp
[...]
> verify error:num=19:self signed certificate in certificate chain
> verify return:1
> But doing the same with SSLeay-0.6.6:
> $ ssleay s_client -host svti.feld.cvut.cz -port 443 -verify 3 -CApath /tmp
[...]
> verify error:num=11:unable to get issuer certificate
That server returns a chain of two certificates. Both error messages
make sense -- the current one makes more sense because it reveals
more about what went wrong (the issuer's certificate *is* available,
but it is not found at CApath).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
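The distinction drawn in the reply above, as an added example that is not part of the original message and is not OpenSSL code: a simplified C model of chain building that compares names only and checks no signatures. The types, the `MODEL_*` result codes and the certificate names are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not OpenSSL source: a certificate is only a pair of
 * names, and no signature is checked. All names here are hypothetical. */
typedef struct { const char *subject; const char *issuer; } cert_t;

typedef enum {
    MODEL_OK,
    MODEL_SELF_SIGNED_CERT_IN_CHAIN, /* root was sent by peer, not trusted */
    MODEL_UNABLE_TO_GET_ISSUER_CERT  /* issuer not available anywhere */
} model_result;

/* Constructed sample: the two-certificate chain a server might send. */
static const cert_t SAMPLE_CHAIN[] = {
    { "CN=www.example.test", "CN=Example Test CA" },
    { "CN=Example Test CA",  "CN=Example Test CA" },
};

static const cert_t *find_subject(const cert_t *set, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(set[i].subject, name) == 0) return &set[i];
    return NULL;
}

/* Walk from the leaf (peer[0]) upward. The trusted set plays the role of
 * CApath; peer-supplied certificates can extend the chain but never anchor it. */
model_result model_verify(const cert_t *peer, size_t npeer,
                          const cert_t *trusted, size_t ntrusted) {
    const cert_t *cur = &peer[0];
    for (size_t step = 0; step < npeer; step++) {
        if (find_subject(trusted, ntrusted, cur->issuer)) return MODEL_OK;
        if (strcmp(cur->subject, cur->issuer) == 0)
            return MODEL_SELF_SIGNED_CERT_IN_CHAIN;
        cur = find_subject(peer, npeer, cur->issuer);
        if (cur == NULL) return MODEL_UNABLE_TO_GET_ISSUER_CERT;
    }
    return MODEL_UNABLE_TO_GET_ISSUER_CERT; /* guard against name cycles */
}

int main(void) {
    /* Empty trust set, as with -CApath /tmp in the thread. */
    printf("full chain, nothing trusted: %d\n", model_verify(SAMPLE_CHAIN, 2, NULL, 0));
    printf("leaf only, nothing trusted:  %d\n", model_verify(SAMPLE_CHAIN, 1, NULL, 0));
    printf("full chain, root trusted:    %d\n", model_verify(SAMPLE_CHAIN, 2, &SAMPLE_CHAIN[1], 1));
    return 0;
}
```

In this model the self-signed result tells the operator that the peer did supply its root and the trust set is what is missing, while the other result means the chain itself is incomplete.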