I also posted this question on the users mailing list.

Hello,

we are writing a client/server application in C/C++ using OpenSSL.

The communication works fine, but if we set the client to verify the
server's certificate (using "SSL_set_verify(ssl, SSL_VERIFY_PEER,
ourVerifyCallback);") we get the error:

"unable to get local issuer certificate" which is explained here:
http://www.openssl.org/docs/apps/verify.html#item_20

Some background information on our Certificate hierarchy: We have a
custom, self-signed CA certificate and a Server certificate that is
directly signed by the CA certificate. Our certificate chain therefore
has a depth of 1.

To solve the verification problem on client side, it works if we call this:

SSL_CTX_load_verify_locations(sslContext, "PATH/TO/CA_FILE.pem", 0);

That's fine, but is it possible to verify the server's certificate on
client side by specifying a whole directory or perhaps the copy of the
server's certificate file directly?

In our examples, verification fails if we don't specify a file that
contains the CA certificate among others.

Thanks in advance
Konrad
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
