On Fri, 2017-12-22 at 11:14 +0100, Manuel Wagesreither wrote: > Unfortunately this didn't work either. The end result is the same; > OpenSSL still emits a "certificate signature failure" with an error > depth of 0. > In light of what Salz said about verification, could we assume that the openssl verify program that succeeded is based on the older library?
It could be that your CA cert is missing an extension that OSSL now checks for, such as (spitballing here) that the certificate is valid for certificate signing. You could check by substituting other certificates in your program to see if the code itself works, and also closely examine your own certificates to make sure all the requirements are met. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
