OpenSSL does not distribute a CA bundle anymore. What is your OS/vendor? What is the name of the file that it was actually validating against, including full pathname?
Which version of OpenSSL are you working with, also?

-Kyle H

On Tue, Mar 17, 2009 at 9:26 PM, Rodney McDuff <mcd...@its.uq.edu.au> wrote:
> I am doing some verifying with openssl on a chain of certs with a
> (VeriSign) root CA and all other certs in the CApath directory and it was
> giving me a "OKs". A little stracing showed me that openssl was using
> the VeriSign root in the openssl ca bundle and not my VeriSign root in my
> CApath directory. So even if I removed the VeriSign root from my CApath
> directory it would still verify OK.
>
> As my purpose is to verify against a single set of certs (not two sets
> of certs) this behavior is annoying. I can just delete the openssl ca
> bundle and get the behavior I want but what else will this break on the
> machine. I can't seem to find a cmdline switch or environment variable
> to stop its ca bundle.
>
> Any ideas.
>
> --
> Dr. Rodney G. McDuff                 |Ex ignorantia ad sapientiam
> Manager, Strategic Technologies Group|     Ex luce ad tenebras
> Information Technology Services      |
> The University of Queensland         |
> EMAIL: mcd...@its.uq.edu.au          |
> TELEPHONE: +61 7 3365 8220           |
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-us...@openssl.org
> Automated List Manager                           majord...@openssl.org
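The fallback described in the quoted message, reproduced with throwaway certificates as an added example that is not part of the original thread. It assumes OpenSSL 1.1.0 or later, where `openssl verify` accepts `-no-CAfile` and `-no-CApath`; `SSL_CERT_FILE` and `SSL_CERT_DIR` stand in for the system default bundle and directory, and all names and paths are constructed.

```bash
# Added example: constructed certificates, assumes OpenSSL 1.1.0+.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_certs() {
    # Constructed root CA and one leaf certificate signed by it.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" \
        -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo.leaf" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/root.pem" \
        -CAkey "$WORK/root.key" -CAcreateserial -days 1 \
        -out "$WORK/leaf.pem" 2>/dev/null
    # "empty" models a CApath the root was removed from; "mine" still has it.
    mkdir "$WORK/empty" "$WORK/mine"
    # CApath lookups go by subject-name hash, so the file is named <hash>.0
    cp "$WORK/root.pem" \
        "$WORK/mine/$(openssl x509 -hash -noout -in "$WORK/root.pem").0"
}

# verify_case MODE: prints OK or FAIL for the leaf under one trust setup.
verify_case() {
    case "$1" in
        fallback)       set -- -CApath "$WORK/empty" ;;
        isolated-empty) set -- -no-CAfile -CApath "$WORK/empty" ;;
        isolated-mine)  set -- -no-CAfile -CApath "$WORK/mine" ;;
    esac
    # The default bundle (here SSL_CERT_FILE) still contains the root.
    if SSL_CERT_FILE="$WORK/root.pem" SSL_CERT_DIR="$WORK/empty" \
        openssl verify "$@" "$WORK/leaf.pem" >/dev/null 2>&1
    then echo OK
    else echo FAIL
    fi
}

make_certs
for mode in fallback isolated-empty isolated-mine; do
    printf '%-15s %s\n' "$mode" "$(verify_case "$mode")"
done
```

The `fallback` case verifies even though the CApath directory is empty, because the default bundle is still consulted; adding `-no-CAfile` restricts trust to the CApath contents. On OpenSSL 3.x the default certificate store is a third source, which `-no-CAstore` disables.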