>From: owner-openssl-us...@openssl.org On Behalf Of 133mmx runner >Sent: Monday, 22 July, 2013 07:37
>I am trying to set a SSL connection with double side certificated. >Client has a SSL certificate and server has a SSL certificate. I have >established connection successfully and done data transmission successfully. >At client side i want to be sure that the server SSL certificate >is given from a specific Root. So i move the "/etc/ssl/certs" folder >to clear all trusted certs. But there is no problem at SSL connection. >I continue establishing connection successfully. What is the client? Some client programs can configure their own truststore, and a client that handles client-auth often does. If it does use the default, are you sure that's in /etc/ssl/certs? The compiled default differs on different OSes and sometimes builds (check openssl version -a) and can be overridden by envvars. >After i see the SSL connection fails, i want to place my specified root >to "/etc/ssl/certs" folder. If that (or any) dir is used as CApath put your root cert as a PEM file named or linked fromthe cert's subject hash plus .0. If a *file in it* is used as CAfile just put the cert in PEM in the file. man verify. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
