> Ok, SSL_VERIFY_PEER enforces all verification errors to be enforced,
> thus SSL_connect() will result in hard failure, as shown below.
> You will never reach the SSL_get_verify_result() below.
No, you are right, Ive been trying stuff...
> > openssl req -config ${MIX_HOME}/ssl/openssl.cnf -new -x509 -keyout
> > $MIX_HOME/ssl/key${MY_ID}.pem -out ${MIX_HOME}/ssl/cert${MY_ID}.pem
> > -nodes
>
> Hmm. This shall result in self-signed certificates???
> Do they pass the "openssl verify" test?
do you mean this?
delfin ~/dmix/mixes/mix0/ssl>ls -R
.:
ca cert0.pem key0.pem openssl.cnf
./ca:
b319c4fe.pem bf801f59.pem cert0.pem cert1.pem cert2.pem
ec419faf.pem
delfin ~/dmix/mixes/mix0/ssl>openssl verify -CApath ca cert0.pem
cert0.pem: /C=SE/O=SICS/OU=ARC0/CN=delfin.sics.se
error 18 at 0 depth lookup:self signed certificate
OK
delfin ~/dmix/mixes/mix0/ssl>
In that case no. What is wrong, if I am supposed be able to use
self-signed certs.
Best regards:
Douglas
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
