On Thu, Jun 29, 2000 at 04:18:53PM +0100, [EMAIL PROTECTED] wrote:
> Hi all again
>
> I found a strange behaviour when loading CA certificate by calling the
> following functions.
>
> I find that if my CA certificate is not in working directory the app will
> not find it although I submit the path to the keys...
>
> if ((!SSL_CTX_load_verify_locations(m_pCtx,m_sCACert,m_sKeyPath)) ||
> (!SSL_CTX_set_default_verify_paths(m_pCtx)))
>
> This is the error I get:
> 382:error:02001002:system library:fopen:system
> lib:.\crypto\bio\bss_file.c:104:f
> open('CA_cer.pem','r')
>
> And thus I checked the code and found that it uses fopen giving only the
> filename... not the path...
The "path" and "file" are two seperate items.
The "file" contains CA information concatenated and must be an absolute
filename.
The "path" is the name of a directory containing several CA certificate
files (one file per CA), with additional hash-softlinks for lookup as
created by c_rehash...
The behaviour is slightly different, as the CA-certificates in the file
are listed as acceptable CAs to a client, while the ones in the directory
are not (thats why there is the SSL_CTX_set_client_CA_list() function).
Unfortunately, this part is not documented in manpages, yet.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
