Hello, > Wouldn't it be sufficient use SSL_CTX_set_verify_locations to point to > the server's certificate itself ? > > I thought the verification process would accept the certificate as long > as one of the certificates in the chain is trusted, even if it is the > last one. Or first, depending on how you see it. This may be very easy verified: $ openssl verify -CAfile vpn-server-crt.pem vpn-server-crt.pem vpn-server-crt.pem: /C=PL/ST=Warsaw/L=Warsaw/O=Malkom/OU=Malkom Admin/CN=VPN Server error 20 at 0 depth lookup:unable to get local issuer certificate
Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]