Hi, there,
I am new in SSL and have a problem on verifying a self-signed certificate.
I am working on client side. When verify a self-signed certificate, I
suppose
to get the verify_result = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT.
But actually, I received X509_V_ERR_INVALID_PURPOSE.
I debugged in verify_callback and observed three continue entries. The
ctx->error
of the fist entry was X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT.
But it was changed immediately to X509_V_ERR_INVALID_PURPOSE in the
2nd and 3rd entries.
The question is
1. How can I keep X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT as
the final error which is what I expected and may be used later?
2. Why the error became invalid purpose? I didn't set purpose in my SSL
session.
So SSL should select its default (X509_PURPOSE_SSL_SERVER).
I use openssl-0.9.5a on WinNT platform. May anybody help me figure out the
problems? Thanks in advance.
Hua
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
