Hi, I'm doing final testing of some code on a production server and I have one website/SSL certificate that is randomly failing when I try to verify the certificate. Some times it works, some times it doesn't, try it again a short while later and its fine.
I don't know the technology on the web server so its possible its some sort of cluster and I guess that might be causing the issue. SSL_get_verify_result is returning "unable to get local issuer certificate" X509_NAME_oneline (X509_get_subject_name... And X509_NAME_oneline (X509_get_issuer_name... return identical information in either case. The certificates have been extracted from firefox and I've used c_rehash to create the required links. I'm at a bit of a loss as to why it works sometime for this certificate and sometimes it fails to validate. Does SSL_get_peer_certificate actually request the certificate from the remote server (and thus this could be failing) or does it simply return a pointer to the certificate that has already been passed as part of the ssl negotiation? I've checked 77 other sites/certificates and they are all working fine with my code - no errors at all - all day. I'm using openssl-0.9.8g-12 but before I upgrade I was wondering if there are any known issues or anyway I can debug what is going on, perhaps get openssl to tell me which file it is looking for and why it is raising an error. Any help appreciated. Thanks Duncan -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
