Hi!

        The openssl (0.9.6) program s_client request doesn't seem to be using the
default certificate storage, and requires -CApath to get certificates. Upon
looking at the code, I found:

        if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
                (!SSL_CTX_set_default_verify_paths(ctx)))
                {
                /* BIO_printf(bio_err,"error setting default verify locations\n"); */
                ERR_print_errors(bio_err);
                /* goto end; */
                }

It seems that if CApath is not provided SSL_CTX_load_verify_locations fails and
SSL_CTX_set_default_verify_paths doesn't get called (verified by tracing code).
Is this behavior intentional? Thanks!

Yours,
Konstantine Smaguine
[EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
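The control flow reported in the message above, as an added example that is not part of the original post or of the OpenSSL sources. `model_load_locations` and `model_default_paths` are hypothetical stand-ins for the two OpenSSL calls, modelled on the failure the message describes, and `separated_logic` is only one possible restructuring.

```c
#include <stddef.h>
#include <stdio.h>

/* Call counters so the control flow can be observed. */
static int explicit_calls, default_calls;

/* Hypothetical stand-in for SSL_CTX_load_verify_locations(): modelled to
 * return 0 (failure) when neither a CA file nor a CA directory is given,
 * which is the behaviour the message reports. */
static int model_load_locations(const char *cafile, const char *capath)
{
    explicit_calls++;
    return cafile != NULL || capath != NULL;
}

/* Hypothetical stand-in for SSL_CTX_set_default_verify_paths(). */
static int model_default_paths(void)
{
    default_calls++;
    return 1;
}

/* Same shape as the quoted condition. `||` stops at the first true operand,
 * so a failed explicit load means the default store is never consulted.
 * Returns how many times the default store was loaded. */
static int quoted_logic(const char *cafile, const char *capath)
{
    explicit_calls = default_calls = 0;
    if (!model_load_locations(cafile, capath) || !model_default_paths())
        fprintf(stderr, "quoted: error setting verify locations\n");
    return default_calls;
}

/* Assumed restructuring: load explicit locations only when one was given,
 * and load the default store independently of that result. */
static int separated_logic(const char *cafile, const char *capath)
{
    explicit_calls = default_calls = 0;
    if ((cafile != NULL || capath != NULL) &&
        !model_load_locations(cafile, capath))
        fprintf(stderr, "separated: explicit CA location failed\n");
    if (!model_default_paths())
        fprintf(stderr, "separated: default store failed\n");
    return default_calls;
}

int main(void)
{
    printf("quoted, no CA args:    %d\n", quoted_logic(NULL, NULL));
    printf("separated, no CA args: %d\n", separated_logic(NULL, NULL));
    return 0;
}
```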
