Hi,

You can use the function SSL_CTX_set_verify to declare a callback function which will be called by the OpenSSL framework if an error occurred during the default certificate verification. In your callback function, return 1 when the error is equal to X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN.

See http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html# for an example.

Hope this helps,
Frédéric.

Seb James wrote:

Hello all,

I was having a play with Eric Rescorla's programs implementing simple openssl client/server comms; the ones from his "An Introduction to OpenSSL Programming" articles. He supplies some self-signed certificates for testing along with the source accompanying the articles.

Now, I compile his software with openssl version 0.9.7e and the function SSL_get_verify_result (ssl) throws the error 19, which translates to: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN

I presume openssl now defaults to refusing to deal with self-signed certificates due to the well known problems associated with them. Is there a function I can call that will allow self-signed certificates in my program for the purposes of testing?

regards,
Seb