It is indeed.
The reason load_verify_locations(ctx, 0, caPath) isn't working as expected, is
because that method places requirements on how the certificate files in there
are named.
When you run load_verify_locations(ctx, caFile, 0), all certificates are in
caFile are loadad and added to your
Oscar Jacobsson wrote:
Hi!
From the SSL_CTX_load_verify_locations manpage:
If CApath is not NULL, it points to a directory containing CA certificates in
PEM format. The files each contain one CA certificate. The files are looked up
by the CA subject name hash value, which must hence be
Only problem is that this is on Windows and the standard c_rehash wont
work.
In which case instead of making links you need to make copies. Using
Kermit script this can be done as
copy cert.pem {\fcommand(openssl x509 -hash -noout -in cert.pem).0}
I'm sure someone can write the
Dr S N Henson wrote:
Only problem is that this is on Windows and the standard c_rehash wont
work.
Ah.
Oh well, the functionality can be emulated quite easily by mimicking the script.
First make sure we can actually verify our cert directly by file:
openssl verify -CAfile ca.crt user.crt
Dr S N Henson wrote:
Only problem is that this is on Windows and the standard c_rehash wont
work.
Actually, after looking at the c_rehash code, and removing the (IMHO quite
redundant) stuff that sifts through the path and tries to find the openssl
command, it works just fine on windows, using
On Thu, 29 Nov 2001, Jeffrey Altman wrote:
Only problem is that this is on Windows and the standard c_rehash wont
work.
In which case instead of making links you need to make copies. Using
Kermit script this can be done as
copy cert.pem {\fcommand(openssl x509 -hash -noout -in
Thanks for all the reply. One point to note is that my
path contain only one file/cert, say file.pem. And I
have verified that this cert works, using:
_load_verify_locations(ctx,c:\\path\\file.pem,NULL).
However, _(ctx,NULL,c:\\path\\) does not work.
Do you think it is the rehash problem that
I have a trusted cert, say c:\path\file.pem on
Windows FAT32. Using
SSL_CTX_load_verify_locations(ctx,c:\\path\\file.pem,NULL),
I managed to verify the peer cert correctly.
However, using
SSL_CTX_load_verify_locations(ctx,NULL,c:\\path\\),
the verification failed. There is only one file in
that
Hi!
From the SSL_CTX_load_verify_locations manpage:
If CApath is not NULL, it points to a directory containing CA certificates in
PEM format. The files each contain one CA certificate. The files are looked up
by the CA subject name hash value, which must hence be available. If more than
one CA