Re: CApath in the config file
On 03/05/2013 00:00, Phil Pennock wrote: On 2013-04-30 at 01:17 +0200, Arthur Carcano wrote: Good evening everyone, Please excuse me if it has already been asked but is there a way to make openssl s_client use my directory with every certificates (as with -CApath) once and for all ? Export $SSL_CERT_DIR into the environment of the process, perhaps via your shell initialisation files. Since you mention a GUI client, then you might instead use a file sourced during setup of X11; which to use depends upon your Operating System, distribution, window manager, etc. For Debian/Ubuntu, export SSL_CERT_DIR=... in ~/.xsessionrc -Phil Well I've tried your suggestion and it doesn't seem to work : |export SSL_CERT_DIR = /etc/ssl/certs openssl s_client -connect paypal.com:443 #complains about self-signed certificate from verysign openssl s_client -connect paypal.com:443 -CApath $SSL_CERT_DIR #works| I may have missed something about export and the shell though. --Arthur
Re: CApath in the config file
On 2013-04-30 at 01:17 +0200, Arthur Carcano wrote: Good evening everyone, Please excuse me if it has already been asked but is there a way to make openssl s_client use my directory with every certificates (as with -CApath) once and for all ? Export $SSL_CERT_DIR into the environment of the process, perhaps via your shell initialisation files. Since you mention a GUI client, then you might instead use a file sourced during setup of X11; which to use depends upon your Operating System, distribution, window manager, etc. For Debian/Ubuntu, export SSL_CERT_DIR=... in ~/.xsessionrc -Phil __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
CApath in the config file
Good evening everyone, Please excuse me if it has already been asked but is there a way to make openssl s_client use my directory with every certificates (as with -CApath) once and for all ? Claws-mail is relying on it and doesn't manage to automatically asses good certificates whereas /etc/ssl/certs is populated with certs from common CA (verysign etc...). Thanks in advance ! Arthur Carcano __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org