Re: [openssl.org #2700] BUG: v1.0.0 / openssl verify no longer works with -CApath

Tue, 31 Jan 2012 13:18:37 -0800 

Hi Steve,
  You're correct:  it's just an issue of the new hash form.  My apologies; I 
thought I'd checked the hash output, but I must've gotten mixed up.  It works 
fine with the proper hash-links in place.

Kevin




>________________________________
> From: Stephen Henson via RT <[email protected]>
>To: [email protected] 
>Cc: [email protected] 
>Sent: Tuesday, January 31, 2012 2:39 PM
>Subject: [openssl.org #2700] BUG: v1.0.0 / openssl verify no longer works with 
>-CApath 
> 
>> [[email protected] - Tue Jan 31 18:45:29 2012]:
>> 
>> Hi,
>>   This is a bug report against v1.0.0: openssl verify no longer works
>> with -CApath.  `cat'ing the contents of -CApath into a file and using
>> -CAfile does still work:
>> 
>> With a properly configured CApath:
>> 
>> $ ls ./trust_root/
>> DoD_Root_CA_2.pem
>> DOD_Bundle.pem
>> DOD-Email-CA-24.pem.cer
>> ffb07f59.0 -> DOD-Email-CA-24.pem.cer
>> f445e798.0 -> DoD_Root_CA_2.pem
>> 
>
>Have you tried rebuilding the links using OpenSSL 1.0.0 or later? The
>link algorithm changed from 0.9.8->1.0.0.
>
>Steve.
>-- 
>Dr Stephen N. Henson. OpenSSL project core developer.
>Commercial tech support now available see: http://www.openssl.org
>
>
>
>
Hi Steve,
  You're correct:  it's just an issue of the new hash form.  My apologies; I thought I'd checked the hash output, but I must've gotten mixed up.  It works fine with the proper hash-links in place.

Kevin

From: Stephen Henson via RT <[email protected]>
To: [email protected]
Cc: [email protected]
Sent: Tuesday, January 31, 2012 2:39 PM
Subject: [openssl.org #2700] BUG: v1.0.0 / openssl verify no longer works with -CApath

> [[email protected] - Tue Jan 31 18:45:29 2012]:
>
> Hi,
>   This is a bug report against v1.0.0: openssl verify no longer works
> with -CApath.  `cat'ing the contents of -CApath into a file and using
> -CAfile does still work:
>
> With a properly configured CApath:
>
> $ ls ./trust_root/
> DoD_Root_CA_2.pem
> DOD_Bundle.pem
> DOD-Email-CA-24.pem.cer
> ffb07f59.0 -> DOD-Email-CA-24.pem.cer
> f445e798.0 -> DoD_Root_CA_2.pem
>

Have you tried rebuilding the links using OpenSSL 1.0.0 or later? The
link algorithm changed from 0.9.8->1.0.0.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org



Reply via email to