> On Thu, Jun 10, 2010, Chris Bare wrote:
> 
> > I have 2 different certs with the same subject name in a CA dir:
> > 
> > lrwxrwxrwx 1 chris chris   23 2010-06-10 14:35 0721e1e6.0 -> other.pem
> > lrwxrwxrwx 1 chris chris   18 2010-06-10 14:35 0721e1e6.1 -> ssl.pem
> > 
> > when I try to establish an ssl connection:
> > 
> > openssl s_client -verify 10 -connect example.com:443 -CApath same_names
> > 
> > I get:
> > 
> >    Verify return code: 18 (self signed certificate)
> > 
> > it appears to be choosing 0721e1e6.0, because if I delete that one, it works.
> > 
> > Since there is no requirement that Subject Names be unique, is there a way to
> > make this work?
> > 
> 
> Is that the only certificate in the chain or are there others?

Yes, in my test case they are self-signed and the only cert in the chain.

> Those certificates need the subject key identifier extension and those issued
> the authority key identifier extension.
> 

-- 
Chris Bare
ch...@bareflix.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
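
A check for the situation discussed in this thread, added here as an example and not taken from the thread or from OpenSSL: it scans a CApath directory for hash slots that hold more than one certificate (such as `0721e1e6.0` and `0721e1e6.1` above) and for sequence gaps, since OpenSSL's hashed-directory lookup probes `hash.0`, `hash.1`, ... and stops at the first missing number. The names `audit_capath`, `build_sample_capath`, `third.pem` and `deadbeef` are assumptions made for illustration, and the sample files are empty placeholders, not real certificates.

```python
import os
import re
import tempfile
from collections import defaultdict

# CApath link name: 8 hex digits of subject-name hash, ".", sequence number.
LINK_RE = re.compile(r"^([0-9a-f]{8})\.(0|[1-9]\d*)$")

def audit_capath(path):
    """Return {hash: {"entries": [(seq, target), ...], "unreachable": [seq, ...]}}
    for each hash slot that holds several certificates or has a sequence gap."""
    slots = defaultdict(dict)
    for name in os.listdir(path):
        m = LINK_RE.match(name)
        if not m:
            continue  # CRL links (hash.rN) and the PEM files themselves are skipped
        full = os.path.join(path, name)
        target = os.readlink(full) if os.path.islink(full) else name
        slots[m.group(1)][int(m.group(2))] = target
    findings = {}
    for h, seqs in slots.items():
        # Walk 0, 1, 2, ... the way the lookup does; stop at the first hole.
        reachable = 0
        while reachable in seqs:
            reachable += 1
        unreachable = sorted(s for s in seqs if s >= reachable)
        if len(seqs) > 1 or unreachable:
            findings[h] = {"entries": sorted(seqs.items()),
                           "unreachable": unreachable}
    return findings

def build_sample_capath(root):
    """Constructed sample: the layout from the post plus a hypothetical gap."""
    for pem in ("other.pem", "ssl.pem", "third.pem"):
        open(os.path.join(root, pem), "w").close()  # empty placeholder files
    os.symlink("other.pem", os.path.join(root, "0721e1e6.0"))
    os.symlink("ssl.pem", os.path.join(root, "0721e1e6.1"))
    os.symlink("third.pem", os.path.join(root, "deadbeef.1"))  # no deadbeef.0

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_capath(d)
        for h, info in sorted(audit_capath(d).items()):
            print(h, info)
```

Slots reported with several entries are the ones where the subject and authority key identifier extensions mentioned above matter for telling the candidates apart.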
