dear list,

further to my question earlier today i've been able to figure out
what's going on and i have an interim solution, though i think the
situation warrants an openssl bug report.

in my micro-app, i wasn't setting up any client or server
verification requirements. these seem to default to "no
verification", so the cert chain was being checked but the errors
ignored.

in the SOAP app, someone was requiring server verification, and
openssl didn't like the self-signed cert in the chain, so the
verification failed.

for now, i've disabled server verification in my openssl setup, and
that seems to make things work (duh). of course this isn't a good
long-term solution but it will have to do for now.

bug report: openssl rejects certificates which have self-signed
elements in the chain, regardless of whether there are other trusted
elements in the chain. my server certificates were generated using
conventional procedures, and so it seems prudent to remark that
openssl will probably barf on a good number of server certs out there.

again - the certs on my servers work 100% fine with all the major
browsers, the Windows version of my program, and all our Java SSL
clients. wget doesn't work, because it uses openssl.

thanks for the bandwidth.

jason
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
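
Added example, not part of the original post: the verification outcome described in this message, reproduced with the `openssl` command-line tool, next to the same chain checked with its root installed as a trust anchor. All keys, names and certificates are constructed on the spot; `make_chain` and `verify_code` are illustrative helper names, and the OpenSSL 1.1.0+ CLI with its default `openssl.cnf` is assumed.

```shell
#!/bin/sh
# Constructed demo: every key, subject name and certificate is generated here.
# Assumes the OpenSSL 1.1.0+ CLI (for -no-CAfile / -no-CApath) and its default config.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Build a two-element chain: self-signed root -> server certificate.
make_chain() {  # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
}

# Print the X509 verify error number for a certificate (0 = verified).
# System trust stores are excluded so only the arguments passed in decide trust.
verify_code() {
  if out=$(openssl verify -no-CAfile -no-CApath "$@" 2>&1); then
    echo 0
  else
    printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
  fi
}

make_chain "$work"

# Case 1: the root arrives with the chain (as a server would send it) but the
# verifier has no trust anchor for it.
sent_only=$(verify_code -untrusted "$work/root.pem" "$work/server.pem")

# Case 2: the same root is loaded as a trust anchor; verification stays enabled.
anchored=$(verify_code -CAfile "$work/root.pem" "$work/server.pem")

echo "root only in the presented chain : verify error $sent_only"
echo "root loaded as trust anchor      : verify error $anchored"
```

Error 19 is `X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN`. Loading the root as a trust anchor lets the chain verify with peer verification still switched on.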