Nicolas Roumiantzeff wrote:
>
> Hi all,
>
> I have a problem with an SSL server that uses a self-signed certificate.
> Using the standard callback function to check the certificate chain I get
> the X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT error and if I simply ignore this
> specific error then any self-signed certificate is accepted not just those
> specified in the X509_STORE.
>
OpenSSL 0.9.5a should now allow the use of a self-signed SSL server
certificate using the standard verify function if the same certificate
is placed in the store.

You can test this with (on 0.9.5a):

    openssl verify ss.pem
    [error]
    openssl verify -CAfile ss.pem ss.pem
    [hopefully no error]

Versions of OpenSSL before 0.9.5a didn't support this.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
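
Added example (not part of the original message and not OpenSSL project code): the test above extended with a second self-signed certificate that carries the same subject name, to show that placing ss.pem in the store accepts only that exact certificate. The CN, the file names other than ss.pem, and the throwaway keys are constructed; it assumes a current openssl command-line tool, where `openssl verify` exits non-zero on failure.

```shell
#!/bin/sh
# Added example. Certificates, CN and file names are constructed for the demo.

# make_selfsigned FILEBASE DIR: throwaway self-signed cert, CN=server.example
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=server.example" \
        -keyout "$2/$1.key" -out "$2/$1.pem" >/dev/null 2>&1
}

# verdict CERT [STORE]: print accept/reject from the standard verification.
# STORE, if given, is passed as -CAfile. No verify error is ignored.
verdict() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 \
            && echo accept || echo reject
    else
        openssl verify "$1" >/dev/null 2>&1 && echo accept || echo reject
    fi
}

# pinning_demo: print the three verdicts on one line.
pinning_demo() {
    dir=$(mktemp -d) || return 1
    if make_selfsigned ss "$dir" && make_selfsigned other "$dir"; then
        # 1. ss.pem with no store of its own: self-signed error expected
        # 2. ss.pem with itself in the store: verifies
        # 3. same-name self-signed cert, different key, ss.pem in store
        echo "no-store=$(verdict "$dir/ss.pem")" \
             "pinned=$(verdict "$dir/ss.pem" "$dir/ss.pem")" \
             "lookalike=$(verdict "$dir/other.pem" "$dir/ss.pem")"
        rc=0
    else
        rc=1
    fi
    rm -rf "$dir"
    return $rc
}

pinning_demo
```

The third verdict is the case from the original question: a callback that ignores X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT would accept other.pem, while verification against the store rejects it.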