Mark wrote:
Hello Mark,

You are still using 0.9.6 ?
I strongly recommend that you update OpenSSL to a newer version.
3 year old software is almost like back to stone age...

Indeed I have already recommended this too.  However we will be
using OpenSSL on OpenVMS 7.3-1 and HP's implementation for that platform
is based on 0.9.6.

Since 0.9.6 isn't maintained anymore, an upgrade becomes
more urgent as the time goes by (and bugs are found).

I use SSL_CTX_load_verify_locations(ctx, root, path). Does
this do the same thing?

Only with X509_STORE_add_cert() you load a cert, set it for verify
and add it to the SSL verify data. So you don't have to load it twice.
(And you are sure which cert you set and that you really set
  only one cert...)

I'm not sure I understand.  Why would I have to load it twice if I don't
use X509_STORE_add_cert() ?

Both SSL_CTX_get_cert_store() and SSL_load_client_CA_file()
access the certificate on the file system.

With X509_STORE_add_cert() you are loading the cert before
you set it in the SSL_CTX (or have it embedded in your program,
so you never load it from a file...)

Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many
