> From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah
> Sent: Friday, 18 January, 2013 20:02

> Pls, see my comments below.
> 
> -----Original Message-----
> From: owner-openssl-us...@openssl.org On Behalf Of Dave Thompson
> Sent: Friday, January 18, 2013 7:55 PM
> To: openssl-users@openssl.org
> Subject: RE: Openssl server certificates validation error
> 
> >From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah
> >Sent: Friday, 18 January, 2013 17:54
> 
> >I am having a problem with server certificate verification:
> >SSL_get_verify_result() returns error code 20.
> 
> >I add a (xx.cert) file to the Windows certificate store as follows. <snip>
> 
> >On OpenSSL startup, the file is read from the Windows certificate store and
> >saved into the X509 certificate store. <snip>
> 
> Is that X509_STORE *the* store in the (relevant) SSL_CTX? [HS] Yes
> 
> What cert is xx.cert? [HS] xx.cert is a self-signed 
> certificate file generated in Win2012 server.
> 
Are you sure that's the cert the server is using? I believe 
verify 20 should not occur if using a self-signed cert.
(If it's not in the local truststore, I get 18, not 20.)

Try commandline with (only) that cert file e.g. 
  openssl s_client -connect yourhost:port -CAfile xx.cert 
and see what verify results that gets.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
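
The difference between verify results 18 and 20 discussed in the reply above can be reproduced offline. This is an added example, not part of the original thread: it uses `openssl verify` on throwaway certificates instead of `s_client` against a live server, and every file name and subject name in it is constructed for the demo.

```shell
#!/bin/sh
# Added example: verify result 18 vs 20, using throwaway certificates.

# Print the first verify error number reported by `openssl verify`,
# 0 if the chain verified, or "unknown" if openssl failed some other way.
# The error line is checked first because old releases print OK after error 18.
verify_code() {
    vc_out=$(openssl verify "$@" 2>&1)
    vc_num=$(printf '%s\n' "$vc_out" |
        sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    if [ -n "$vc_num" ]; then
        printf '%s\n' "$vc_num"
    elif printf '%s\n' "$vc_out" | grep -q ': OK$'; then
        printf '0\n'
    else
        printf 'unknown\n'
    fi
}

# Create the demo certificates in directory $1 (constructed sample data).
make_demo_certs() {
    d=$1
    # Self-signed certificate, standing in for the thread's xx.cert.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=selfsigned.example" \
        -keyout "$d/ss.key" -out "$d/ss.pem" 2>/dev/null || return 1
    # A private CA and a leaf it issues: the case where the server's
    # certificate is not self-signed after all.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null || return 1
}

work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_demo_certs "$work" || { echo "certificate generation failed" >&2; exit 1; }

echo "self-signed, not in trust store:  $(verify_code "$work/ss.pem")"
echo "self-signed, passed as -CAfile:   $(verify_code -CAfile "$work/ss.pem" "$work/ss.pem")"
echo "CA-issued leaf, issuer missing:   $(verify_code "$work/leaf.pem")"
echo "CA-issued leaf, issuer in CAfile: $(verify_code -CAfile "$work/ca.pem" "$work/leaf.pem")"
```

A result of 20 therefore points at a certificate whose issuer is a different certificate that the trust store lacks, which is why the reply asks whether xx.cert is really the certificate the server presents.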
