Hi all, I've encountered something strange. An application we use utilises a file CA_AAA.pem with a whole bunch of root certificates, including an old expired selfsigned (die to legacy). This legacy certificate plays no role in the verification chain. When performing a verify on the windows platform (0.9.8e) or Debian platform (0.9.8e) I see a nice OK while verifying my server-2009-chained.pem certificate file.
However, while doing the same on my Mac ((0.9.7l of 0.9.8i, with the exact same files)I get an "error 20 at 0 depth lookup: unable to get local issuer certificate". When I remove the expired certificate from the CA_AAA.pem the verify also succeeds on the Mac. The expired certificate can be isolated in a separate file and decodes perfectly so the certificate is not corrupt. Anyone with fingerpoints? Arjan ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
