Thank you for your quick answer.
I was indeed using an older version.
I'll get my hands on 0.9.5a...

Nicolas Roumiantzeff

-----Original Message-----
From: Dr S N Henson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, 8 September 2000 13:37
Subject: Re: X509_verify_cert() wierdness


>Nicolas Roumiantzeff wrote:
>>
>> Hi all,
>>
>> I have a problem with an SSL server that uses a self-signed certificate.
>> Using the standard callback function to check the certificate chain I get
>> the X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT error and if I simply ignore
>> this specific error then any self-signed certificate is accepted not just
>> those specified in the X509_STORE.
>>
>
>OpenSSL 0.9.5a should now allow the use of a self signed SSL server
>certificate using the standard verify function if the same certificate
>is placed in the store.
>
>You can test this with (on 0.9.5a):
>
>openssl verify ss.pem
>[error]
>
>openssl verify -CAfile ss.pem ss.pem
>[hopefully no error]
>
>Versions of OpenSSL before 0.9.5a didn't support this.
>
>Steve.
>--
>Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
>Personal Email: [EMAIL PROTECTED]
>Senior crypto engineer, Celo Communications: http://www.celocom.com/
>Core developer of the   OpenSSL project: http://www.openssl.org/
>Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
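
The test quoted above, extended with a second self-signed certificate that is not in the store, to show that placing the certificate in the store trusts that one certificate only, unlike ignoring X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT in the callback. This is an added example, not part of the original messages; the file names and the CN are constructed, and it assumes a current `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: throwaway certificates, constructed names (ss, other).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ss NAME: create a self-signed certificate NAME.pem with a fresh key.
# Both certificates deliberately share the same subject name.
make_ss() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=server.example" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# verify_ok CERT [STORE]: succeed only if "openssl verify" reports "CERT: OK".
# With STORE given, STORE.pem is passed as -CAfile (the trusted store).
verify_ok() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$WORK/$2.pem" "$WORK/$1.pem" 2>/dev/null
    else
        openssl verify "$WORK/$1.pem" 2>/dev/null
    fi | grep -q ': OK$'
}

make_ss ss      # the server's self-signed certificate
make_ss other   # same subject name, different key, not in the store

# 1. no store             -> rejected (depth zero self-signed)
# 2. ss in its own store  -> accepted
# 3. other against ss     -> rejected: trust covers the stored certificate,
#                            not every self-signed certificate with that name
for args in "ss" "ss ss" "other ss"; do
    # $args is intentionally unquoted so it splits into CERT and STORE
    if verify_ok $args; then
        echo "verify_ok $args: accepted"
    else
        echo "verify_ok $args: rejected"
    fi
done
```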
