"Kane, Brandon (NJAOST)" wrote:
>
> I'm trying to verify a server certificate, as part of a cert chain. One of
> the CA certs, a verisign intermediate cert, fails in the verify process. I'm
> getting a "invalid CA certificate" error in the callback function. What's
> strange is that if I call:
> openssl verify -verbose -purpose sslserver \
> -CApath d:\myca d:\login1.pem
>
> Where login1.pem is the host certificate in the chain that I'm verifying,
> everything checks out.
> Any help as to what I'm doing wrong would be greatly appreciated.
> Thanks,
> -Brandon
This is probably the server extended key usage bug. Try the latest
snapshot or just replace crypto/x509v3/v3_purp.c with the one in the
latest snapshot.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
