I also created the server certificate based on the same book and chapter. It is 
using the same trusted certificate (root.pem) as the client. This is an 
application that connects to itself, outbound as a client and inbound as a 
server. Makes for compact testing.

Thanks for the tip about CA.pl. I was unaware of it. I'll give it a try.

______________________________

John Hoel
Product Author

Skywire Software
2401 Internet Blvd., Suite 201
Frisco, Texas 75034
(972)377-1110 main
(425)396-4687 direct
[EMAIL PROTECTED]

www.skywiresoftware.com


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson
Sent: Tuesday, April 26, 2005 2:00 PM
To: openssl-users@openssl.org
Subject: Re: FW: openssl verify conflicts with SSL_connect


On Tue, Apr 26, 2005, John Hoel wrote:

> I created these certificates based on chapter 5 of "Network Security with
> OpenSSL". The client certificate is signed with the root CA, and that in
> turn is the only item in the trusted store (root.pem). Why would this not
> work? Here is a partial listing of the root CA:
> 

There are lots of old instructions around in various help files, cookbooks or
even text books.

The preferred way to create certificates is the CA.pl script. 

You said you get that error when you pass the certificate to SSL_connect(). So
presumably you are connecting to an SSL server and it's the server that gives
that error? Have you added root.pem to the server trusted store?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
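
Added example, not part of either message above: the trusted-store question from the reply, reproduced offline with the openssl command line. It builds a throwaway root and a client certificate signed by it, then checks that one certificate against a store that holds root.pem and a store that does not; other.pem, the key file names and the CN values are constructed for this demo.

```shell
#!/bin/sh
# Added demo, not code from the thread. root.pem follows the thread's naming;
# other.pem, the key files and the CN values are constructed for this example.

# Build a throwaway PKI in directory $1: a root CA, a client certificate signed
# by it, and a second, unrelated root standing in for a store without root.pem.
make_pki() {
    (
        cd "$1" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Demo Root CA" -keyout rootkey.pem -out root.pem &&
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Unrelated Root CA" -keyout otherkey.pem -out other.pem &&
        openssl req -newkey rsa:2048 -nodes \
            -subj "/CN=demo client" -keyout clientkey.pem -out client.csr &&
        openssl x509 -req -in client.csr -CA root.pem -CAkey rootkey.pem \
            -CAcreateserial -days 1 -out client.pem
    ) >/dev/null 2>&1
}

# Succeed only if certificate $2 chains to a trust anchor in CA file $1.
# Matches the ": OK" line so the result does not rely on exit status alone.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Report which of the trust stores passed as $2.. accept certificate $1.
report() {
    cert=$1; shift
    for store in "$@"; do
        if chain_ok "$store" "$cert"; then
            echo "$store: accepts $cert"
        else
            echo "$store: rejects $cert"
        fi
    done
}

# Run the whole comparison in a temporary directory and clean up afterwards.
demo() {
    dir=$(mktemp -d) || return 1
    make_pki "$dir" && (cd "$dir" && report client.pem root.pem other.pem)
    rm -rf "$dir"
}

demo
```

The same certificate passes or fails depending only on which store the verifying side loaded, so a successful `openssl verify` on one side says nothing about the peer's store.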
