I ran the same test with OpenSSL v0.9.8o on linux. As soon as verifyCallback returns 0, connect() fails with the CERT_UNTRUSTED error from SSL_get_verify_result() as expected. Here's the log:

OpenSSL 0.9.8o 01 Jun 2010
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall
built on: Wed Feb 23 00:42:27 UTC 2011
platform: debian-i386
OPENSSLDIR: "/usr/lib/ssl"
TCP connection successful
>>>> verifyCallback() - in: preverify_ok=0
Verify error: unable to get local issuer certificate(20) - depth=1 - sub ="/C=US/O=Google Inc/CN=Google Internet Authority"
<<<< verifyCallback() - out
SSL handshake failed: SSL_ERROR_SSLFAIL

Does this mean 0.9.8r has a bug??? If so, then it would be a pretty bad one because clients that use the version would connect to untrusted servers...

Any thoughts?

- Yutaka

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org