Greetings, I guess this question must have been asked quite a lot over here, but I couldn't find any traces of it so I guess I'll repeat it.
I can't seem to be able to verify (using 'openssl verify') - without openssl spitting a X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT - a server certificate that was signed with a custom-made CA even though I pass the CA certificate using the -CAfile switch. I've tried -purpose and also using -CApath instead of -CAfile but to no avail. Is this a feature, a bug or am I just doing it wrong? Shouldn't a self-signed certificate get verified when a user _manually_ also passes a certificate he considers trusted? Also, is there any documentation on how SSL_CTX_set_cert_store() be used? It seems to me that it's the correct way to validate a self-signed certificate through the OpenSSL API. Many thanks! ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
