If set to a number greater than 0, it will verify only chains of that length or less. If the cert chain is greater than the given number, validation will fail.
In the case below, I would think that it would only work if you are using a self-signed cert, making the verification depth 1.
Perry [EMAIL PROTECTED] wrote:
Hi, everybody.

I'm currently trying to implement a server/client system where the server will only accept connections from clients whose certificate was signed by the server's CA. For security reasons, the client also does verification. When I use s_server, the client-side verification works. When I use my server code, I receive the error message:

11041:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1052:SSL alert number 42
11041:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:

On the server end, if I set the verification depth from 0 to 1, it works. Am I confused about the depth setting, or can anyone tell me if there's something else I might be missing?

Thanks much!

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]