On Thu, Feb 03, 2005, Seb James wrote:

> Hello all,
>
> I was having a play with Eric Rescorla's programs implementing simple
> openssl client/server comms; the ones from his "An Introduction to
> OpenSSL Programming" articles.
>
> He supplies some self-signed certificates for testing along with the
> source accompanying the articles. Now, I compile his software with
> openssl version 0.9.7e and the function
>
> SSL_get_verify_result (ssl)
>
> throws the error 19, which translates to:
>
> X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
>
> I presume openssl now defaults to refusing to deal with self-signed
> certificates due to the well known problems associated with them.
>

No it will accept a self signed certificate. It just won't accept an
untrusted chain.

> Is there a function I can call that will allow self-signed certificates
> in my program for the purposes of testing?
>

You need to add the root CA (in this case the self signed certificate) to
the set of trusted certificates.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
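
The difference described in the reply, reproduced with the `openssl verify` command as an added example (not part of the original thread or of the sample code it discusses). The throwaway root CA, server certificate, subject names and paths are all constructed for the demonstration; in a C client the same trust decision is made by loading the root with `SSL_CTX_load_verify_locations()` before the handshake.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI; every name and path is made up.

# Create a self-signed root CA and a server certificate issued by it in $1.
make_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -days 1 \
        -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
        -out "$d/server.pem" 2>/dev/null
}

# Run "openssl verify" with the given arguments; print "ok" or the numeric
# X509_V_ERR_* code from the first "error N at D depth lookup" line.
verify_code() {
    if out=$(openssl verify "$@" 2>&1); then
        echo ok
    else
        printf '%s\n' "$out" |
            sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_pki "$d" || { rm -rf "$d"; return 1; }
    # Root is present in the chain but not trusted: the error from the thread.
    echo "untrusted chain: $(verify_code -untrusted "$d/root.pem" "$d/server.pem")"
    # Root added to the trusted set: the same chain now verifies.
    echo "trusted root:    $(verify_code -CAfile "$d/root.pem" "$d/server.pem")"
    rm -rf "$d"
}

demo
```

Trust only the specific test root this way; it leaves chain verification switched on, unlike a verify callback that ignores the error.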