Hi. The problem was that the old openssl binary was still in the path when the new c_rehash was done for the new versions. The fingerprint was different between the different openssl versions.
Please cancel the bug report. Sorry for any inconvenience. //Magnus. Greetings, This message has been automatically generated in response to the creation of a trouble ticket regarding: "Bug report, verify using CApath not working any more", a summary of which appears below. There is no need to reply to this message right now. Your ticket has been assigned an ID of [openssl.org #3578]. Please include the string: [openssl.org #3578] in the subject line of all future correspondence about this issue. To do so, you may reply to this message. Thank you, [email protected] ------------------------------------------------------------------------ - Hi. I have problem to use the CA path to verify the certificate from the server in my SSL client. I used the command "openssl s_client -connect www.server.se:443 <http://www.server.se:443/> -CApath /opt/etc/certs/ca_root" to verify my certificates. The command works on an old openssl distribution: OpenSSL 0.9.8j 07 Jan 2009 But fails on: OpenSSL 1.0.1e 11 Feb 2013 OpenSSL 1.0.1g 11 Apr 2014 OpenSSL 1.0.1h 5 Jun 2014 OpenSSL 1.0.2-beta2 22 Jul 2014 OS: Linux 3.0.101-0.8-default #1 SMP Fri Nov 1 12:51:09 UTC 2013 (2417eb9) x86_64 x86_64 x86_64 GNU/Linux Error message is: Verify return code: 21 (unable to verify the first certificate) //Magnus. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
