hi lutz,
you are correct, "issuer" is not self signed (in fact it's
the cert that's provided by default with openssl in the
apps/demoCA dir). so how do i tell the verification
routine to not walk further down the tree? ideally i'd
like to give it a cert that may or may not be self signed
and have it consider that cert to be trusted, therefore
when doing the verification if it finds that the client cert
chain has been signed at some point by this cert it
considers the client cert to be valid. does this make
sense?
thanks for your help!
Lutz Jaenicke wrote:
> You don't give more detailed information about "issuer".
> Is "issuer" a self signed root CA certificate?
> From the error message it seems, that it is not. The "depth 1" indicates,
> that the "issuer" certificate is correctly retrieved from the
> store, but the verification routine tries to walk further down the tree.
> Unfortunately you edited out the "Issuer:" information for the "issuer"
> certificate.
>
> Best regards,
> Lutz
> --
> Lutz Jaenicke [EMAIL PROTECTED]
> http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> BTU Cottbus, Allgemeine Elektrotechnik
> Universitaetsplatz 3-4, D-03044 Cottbus
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
