Hello!

I created two self-signed certificates with identical settings, only differing in the encryption system used: one using RSA and one using DH/DSA. Both certificates were packed into one certificate file that is passed on to SSL_CTX_load_verify_locations().

Now, when trying to connect, only the connection to the service using the first certificate in the file will work. Trying to connect to the other service results in an error, e.g.:

  Error with certificate at depth 0
  issuer = /C=DE/L=Bad Hersfeld/O=Hypercom/CN=bhe-mmeixner2.foobar.com/[email protected]
  subject = /C=DE/L=Bad Hersfeld/O=Hypercom/CN=bhe-mmeixner2.foobar.com/[email protected]
  error 18:self signed certificate

Swapping the certificates in the certificate file also swaps the reachability of the services. Creating new certificates with different email addresses worked around this problem.

It looks like OpenSSL stops searching for certificates as soon as it has found a certificate with a matching common name.

Is this behaviour of OpenSSL correct?

- Matthias Meixner
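As an added diagnostic that is not from this thread or from OpenSSL itself, the following stand-alone Python script flags certificates in a PEM bundle that share a byte-identical DER subject name, which is the key OpenSSL uses to index a trust store; `PEM_CERT`, `subject_der` and `duplicate_subjects` are my own names, and `fake_cert_pem` only builds constructed, structurally valid but unsigned test certificates so the check runs offline.

```python
import base64, re
from collections import defaultdict

PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_tlv(buf, pos):
    """Decode one DER TLV header at pos: return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def subject_der(cert_der):
    """Return the raw DER bytes of the subject Name, walking the RFC 5280 field order."""
    _, p, _ = der_tlv(cert_der, 0)             # Certificate SEQUENCE
    _, p, _ = der_tlv(cert_der, p)             # tbsCertificate SEQUENCE
    tag, _, end = der_tlv(cert_der, p)
    if tag == 0xA0:                            # optional [0] EXPLICIT version
        p = end
    for _ in range(4):                         # serialNumber, signature, issuer, validity
        _, _, p = der_tlv(cert_der, p)
    _, _, end = der_tlv(cert_der, p)           # subject
    return cert_der[p:end]

def duplicate_subjects(bundle_pem):
    """Map each subject DER shared by more than one certificate to their 0-based positions."""
    by_subject = defaultdict(list)
    for i, m in enumerate(PEM_CERT.finditer(bundle_pem)):
        by_subject[subject_der(base64.b64decode(m.group(1)))].append(i)
    return {s: idx for s, idx in by_subject.items() if len(idx) > 1}

# Constructed test data: correct DER structure, but empty algorithm/key/validity and no real signature.
def tlv(tag, payload):
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload

def name(cn):  # Name ::= SEQUENCE { SET { SEQUENCE { OID commonName, PrintableString cn } } }
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x13, cn))))

def fake_cert_pem(subject_cn, serial):
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial])) + tlv(0x30, b"")
           + name(b"Issuer") + tlv(0x30, b"") + name(subject_cn) + tlv(0x30, b""))
    cert = tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(cert) + b"-----END CERTIFICATE-----\n"
bundle = fake_cert_pem(b"host.example", 1) + fake_cert_pem(b"host.example", 2) + fake_cert_pem(b"other", 3)
print(list(duplicate_subjects(bundle).values()))   # [[0, 1]]
```

Run it against a real bundle by replacing `bundle` with the file's bytes; any non-empty result means two trust anchors collide on the lookup key.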
