HI,
Pls check man page of SSL_load_verify_locations(...) which can be used
in writing the server or client program.
-Lokesh.
On 6/1/05, Vaclav Stepan [EMAIL PROTECTED] wrote:
Hi,
I ran in trouble with the following thing. There is a Debian woody,
with OpenSSL 0.9.6c installed. I am trying to set OpenSSL so it
per default uses CA certificates in /etc/ssl/certs (I want to force
Sylpheed to actually use a CA certificate to verify server certificate).
I put the CA files to /etc/ssl/certs and generated hash names.
If I do
openssl s_client -CApath /etc/ssl -connect ...
then OpenSSL correctly finds the CA certificate and verifies the server
certificate (return code 0).
If I omit the CApath, using the default settins, the verification fails
with
Verify return code: 21 (unable to verify the first certificate)
I searched Google and archives - the only relevant thing I found is
that if it is my client app, I may ask it to use some CA cert.
But how do I set a CApath per default?
Thanks for any hint
Vaclav Stepan
--
Vaclav Stepan
[EMAIL PROTECTED]
http://linux.fjfi.cvut.cz/~w/
--
Vaclav Stepan
[EMAIL PROTECTED]
http://linux.fjfi.cvut.cz/~w/
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]