There are a couple of alternatives. You can set a callback function in the SSL_set_verify method. This callback function can then be used to mask the self-signed error.( See http://openssl.org/docs/ssl/SSL_CTX_set_verify.html# ) Alternatively, on the client side, you can invoke SSL_set_verify() method with the flag SSL_VERIFY_NONE.
BTW, it is a potentially insecure system that you have if you intend to do this unless your only goal is to provide enryption and not authentication. PS On Thu, Feb 19, 2009 at 2:22 AM, Anri Lau <anri...@gmail.com> wrote: > > All, > > I encountered a problem. There is no trusted cert list in my system, so I > have to ignore the certificate chain self signed error. Which API can I use? > > Two API invocation below do not worked. > > SSL_CTX_set_trust(ctx, X509_TRUST_SSL_CLIENT); > X509_STORE_set_trust(store, 1); > > Thank you. > > -- > Best regards to you and your family >
