On Tue, Apr 26, 2005, John Hoel wrote:

> I've made extensive changes to how I generate certificates. Here is a partial
> listing of the revised client certificate:
>
> Certificate:
> Data:
> Version: 1 (0x0)
> Serial Number:
> ed:db:89:05:53:74:2b:55
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: CN=example CA, ST=Washington, C=US/[EMAIL PROTECTED], O=Root
> Certification Authority
> Validity
> Not Before: Apr 26 17:00:30 2005 GMT
> Not After : May 26 17:00:30 2005 GMT
> Subject: CN=john, ST=WA, C=US/[EMAIL PROTECTED], O=iWave Testing
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public Key: (1024 bit)
>
> This doesn't look like a self signed certificate to me, and 'openssl verify'
> reports 'OK'. And yet, when this same certificate is passed to SSL_connect(),
> openssl throws the following errors:
>
> error 18: self signed certificate.
> Certificate issuer: /CN=john/ST=WA/C=US/[EMAIL PROTECTED]/O=iWave Testing.
> Certificate subject: /CN=john/ST=WA/C=US/[EMAIL PROTECTED]/O=iWave Testing.
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed:
> file '.\ssl\s3_clnt.c' line 844.
>
> Can anyone see how this could happen?
>
It's not complaining about that certificate but the CA certificate that issued
it. That should be included in the trusted store.

Also it's a deprecated V1 certificate.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]
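
The dependence on the trusted store described in the reply, as an added example that is not part of the original thread: it builds a throwaway CA and leaf (constructed names and files) and reports the `openssl verify` error number when the CA is trusted, absent, supplied only as untrusted, or verified on its own. It assumes OpenSSL 1.1.0 or later for `-no-CAfile` and `-no-CApath`.

```shell
#!/bin/sh
# Added demo (constructed): a throwaway CA and leaf are generated in a temp
# directory. Assumes OpenSSL 1.1.0 or later for -no-CAfile / -no-CApath.

# Create a self-signed CA (ca.pem) and a leaf it issues (leaf.pem) in $1.
make_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=example CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=john" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 2 \
        -out "$dir/leaf.pem" 2>/dev/null
}

# Print 0 if certificate $1 verifies, otherwise the first verify error number.
# Remaining arguments go to `openssl verify`; the system trust store is
# ignored so that only the files named here can act as trust anchors.
verify_code() {
    cert=$1; shift
    if out=$(openssl verify -no-CAfile -no-CApath "$@" "$cert" 2>&1); then
        echo 0; return 0
    fi
    code=$(printf '%s\n' "$out" |
        sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    echo "${code:-unknown}"
}

demo() {
    d=$(mktemp -d) || return 1
    make_pki "$d" || { rm -rf "$d"; return 1; }
    echo "leaf, CA in trusted store:       $(verify_code "$d/leaf.pem" -CAfile "$d/ca.pem")"
    echo "leaf, CA not available:          $(verify_code "$d/leaf.pem")"
    echo "leaf, CA supplied but untrusted: $(verify_code "$d/leaf.pem" -untrusted "$d/ca.pem")"
    echo "CA certificate alone, untrusted: $(verify_code "$d/ca.pem")"
    rm -rf "$d"
}

demo
```

Error numbers 18, 19 and 20 are OpenSSL's X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY.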
