HI, Pls check man page of SSL_load_verify_locations(...) which can be used in writing the server or client program.
-Lokesh. On 6/1/05, Vaclav Stepan <[EMAIL PROTECTED]> wrote: > Hi, > > I ran in trouble with the following thing. There is a Debian woody, > with OpenSSL 0.9.6c installed. I am trying to set OpenSSL so it > per default uses CA certificates in /etc/ssl/certs (I want to force > Sylpheed to actually use a CA certificate to verify server certificate). > > I put the CA files to /etc/ssl/certs and generated hash names. > If I do > openssl s_client -CApath /etc/ssl -connect ... > > then OpenSSL correctly finds the CA certificate and verifies the server > certificate (return code 0). > > If I omit the CApath, using the default settins, the verification fails > with > Verify return code: 21 (unable to verify the first certificate) > > I searched Google and archives - the only relevant thing I found is > that if it is my client app, I may ask it to use some CA cert. > > But how do I set a CApath per default? > > Thanks for any hint > > Vaclav Stepan > -- > Vaclav Stepan > [EMAIL PROTECTED] > http://linux.fjfi.cvut.cz/~w/ > > > -- > Vaclav Stepan > [EMAIL PROTECTED] > http://linux.fjfi.cvut.cz/~w/ > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]