Mark wrote:
Hi Goetz,
Hello Mark,
You point at it in the context before the handshake. You can either point at a dir full of digest named ones or a specific root cert file.

Strangely I tried the former which did not work. The latter method appears to work fine (it connected and exchanged data anyway).

Did you do a c_rehash <ca_directory>? With <ca_directory> being the path to the directory with the CA file(s)?

Yes.

Strange.

Naturally you have to set the directory in openssl with the -CApath command line option and the SSL_CTX_load_verify_locations(ctx, NULL, CApath) function call...

I used SSL_CTX_load_verify_locations(ctx, NULL, CApath) but did not use the -CApath option anywhere. Where should that be used?

In the OpenSSL binary... But since you are using your own program, this doesn't matter.

Could you do a

    c_rehash <ca_directory>
    openssl verify -CApath <ca_directory> cert_to_check

If this doesn't work, but a

    cat <ca_directory>/*.pem >ca.pem
    openssl verify -CAfile ca.pem cert_to_check

works, there is something really strange with your system ...

Bye

Goetz

-- 
DMCA: The greed of the few outweighs the freedom of the many
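
The CApath versus CAfile comparison suggested above, as an added example that is not part of the original thread: it builds a constructed throwaway CA and leaf certificate, then runs both checks before and after the hash-named link exists. The file names, the subject names and the fixed `.0` suffix are assumptions, and the `openssl` command line tool must be on the PATH.

```shell
#!/bin/sh
# Constructed fixture: throwaway CA in $1/cadir plus one leaf it signed.
make_fixture() {
    d=$1; mkdir -p "$d/cadir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/cadir/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -days 1 -CAcreateserial \
        -CA "$d/cadir/ca.pem" -CAkey "$d/ca.key" \
        -out "$d/leaf.pem" 2>/dev/null
}

# True only when "openssl verify" prints "<file>: OK" for the given options.
verify_ok() {
    openssl verify "$@" 2>/dev/null | grep -q ': OK$'
}

# What c_rehash does for one certificate: link it as <subject-hash>.0, the
# file name a CApath lookup opens. (c_rehash also bumps the suffix when two
# subjects hash alike; this sketch always uses .0.)
hash_link() {
    h=$(openssl x509 -noout -hash -in "$1") || return 1
    ln -sf "$(basename "$1")" "$(dirname "$1")/$h.0" && echo "$h.0"
}

# Run both checks from the thread against fixture directory $1.
report() {
    cat "$1"/cadir/*.pem > "$1/ca-bundle.pem"
    if verify_ok -CApath "$1/cadir" "$1/leaf.pem"
    then echo "CApath: OK"; else echo "CApath: FAIL"; fi
    if verify_ok -CAfile "$1/ca-bundle.pem" "$1/leaf.pem"
    then echo "CAfile: OK"; else echo "CAfile: FAIL"; fi
}

tmp=$(mktemp -d)
make_fixture "$tmp"
report "$tmp"                     # directory holds ca.pem but no hash link
echo "linked as $(hash_link "$tmp/cadir/ca.pem")"
report "$tmp"                     # same directory after the link exists
rm -rf "$tmp"
```

The link name must be computed by the same OpenSSL generation as the library doing the lookup: the subject hash algorithm changed in OpenSSL 1.0.0, and `openssl x509 -subject_hash_old` prints the earlier value.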