On sab, 2008-08-02 at 00:21 +0200, .:: Francesco la Torre ::. wrote: > self reply :-) > > I've added a callback function like this > > static int cb(int ok, X509_STORE_CTX *ctx){ > char buf[256]; > > X509_NAME_oneline( > X509_get_subject_name(ctx->current_cert),buf,256); > printf("%s\n",buf); > printf("error %d at %d depth lookup:%s\n",ctx->error, > ctx->error_depth, > X509_verify_cert_error_string(ctx->error)); > > /* Continue even if self signed */ > if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; > > ERR_clear_error(); > > return(ok); > } >
One mistake is here even if there were not compilation error > and also add this line to the main > X509_STORE_set_verify_cb_func(&ca_ctx,cb); > the correct code block is : ... /* load CA cert store */ if (!(CAcerts = X509_STORE_new())) { printf ("\nError1\n"); } ---> X509_STORE_set_verify_cb_func(CAcerts,cb); ... > but the result is always the same : > Not always the boring "Verification error: certificate signature failure" But a new strange error : /C=IT/ST=Italy/O=IIT-CNR/OU=lab18/CN=ubuntu-ser/[EMAIL PROTECTED] error 7 at 1 depth lookup:certificate signature failure Verification error: 0 I've tried to find any kind of reference for this kind of error but google returns not a very good help. In various forum/mailing list this is _classified_ as *quite strange* error ... is it possible ? Thanks in advance, Flt ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]