On Thu, Oct 05, 2000 at 10:37:05AM -0400, George Staikos wrote:
> On Thu, 05 Oct 2000, Lutz Jaenicke wrote:
> > On Thu, Oct 05, 2000 at 10:16:58AM -0400, George Staikos wrote:
> > > I have found that using a .crt bundle instead of a hashed directory works. 
> > > Is this code perhaps broken in 0.9.6?
> > 
> > What do you mean by "broken"?
> > I performed some tests myself, cannot see a problem.
> > Did you remember to perform a "c_rehash /name/of/directory/"?
> 
> Yes I did...
> 
>   The problem only seems to be reproducible on Redhat 7.0 so far, but I
> haven't had enough people test it yet.  Basically, RSA/Verisign signed
> certificates all are determined to be expired by the X509 verification code. 
> Thawte certificates work fine.  Also if I print the notBefore and notAfter
> dates, they are ok.  This is visible on sites like www.verisign.com and
> www.microsoft.com.   I still don't know if this is related to a bug in the
> compiler or not.

Hmm, I just took the Verisign certificates from the ca-bundle included in
mod_ssl, unpacked them into a directory and performed on HP-UX:

c_rehash .
openssl s_client -verify 5 -CApath . -connect www.verisign.com:https

I did not get any verification errors.
Unfortunately I don't have any Linux box with 0.9.6 around. A check
will have to wait until I come home... (SuSE 6.4, 0.9.6 installed)

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
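
An offline way to compare the two trust-store layouts discussed in this thread (bundle file versus hashed directory), shown as an added example that is not part of the original messages. It assumes an openssl binary on PATH; the CA, the leaf certificate and all file names are constructed for the test, and the <hash>.0 link is made by hand to show what c_rehash sets up.

```sh
#!/bin/sh
# Added example. The CA and leaf below are constructed throwaway certificates.

verdict() {  # print ok/fail for one "openssl verify" run
    if openssl verify "$@" 2>/dev/null | grep -q ': OK$'; then echo ok; else echo fail; fi
}

compare_trust_stores() {
    work=$(mktemp -d) || return 1
    cat > "$work/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed CA, then a leaf certificate signed by it.
    openssl req -x509 -config "$work/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$work/ca.key" -out "$work/ca.pem" >/dev/null 2>&1
    openssl req -new -config "$work/ca.cnf" -subj "/CN=leaf.example.test" \
        -newkey rsa:2048 -nodes -keyout "$work/leaf.key" -out "$work/leaf.csr" >/dev/null 2>&1
    openssl x509 -req -in "$work/leaf.csr" -CA "$work/ca.pem" -CAkey "$work/ca.key" \
        -CAcreateserial -days 7 -out "$work/leaf.pem" >/dev/null 2>&1

    # Two directories hold the same CA file; only one gets the <hash>.0 link
    # that c_rehash creates and that -CApath lookups depend on.
    mkdir "$work/plain" "$work/hashed"
    cp "$work/ca.pem" "$work/plain/"
    cp "$work/ca.pem" "$work/hashed/"
    h=$(openssl x509 -noout -hash -in "$work/ca.pem")
    ln -s ca.pem "$work/hashed/$h.0"

    bundle=$(verdict -CAfile "$work/ca.pem" "$work/leaf.pem")
    hashed=$(verdict -CApath "$work/hashed" "$work/leaf.pem")
    plain=$(verdict -CApath "$work/plain" "$work/leaf.pem")

    # Validity period checked on its own, separately from chain verification.
    if openssl x509 -noout -checkend 0 -in "$work/leaf.pem" >/dev/null 2>&1
    then expired=no; else expired=yes; fi

    rm -rf "$work"
    echo "bundle=$bundle hashed=$hashed unhashed=$plain expired=$expired"
}

compare_trust_stores
```

If the bundle and hashed results differ, the directory layout is at fault; if verification reports an expired certificate while the separate validity check does not, the problem lies in the verification path rather than in the certificate's dates.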