After some more investigation, the problem seems to happen only with OpenSSL (v0.9.8r) preinstalled with Mac OS X 10.6.8.
If the test program is linked against *locally* built 0.9.8r, CERT_UNTRUSTED is correctly reported by SSL_get_verify_result(). Log: OpenSSL 0.9.8r 8 Feb 2011 compiler: cc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fmessage-length=0 -pipe -Wno-trigraphs -fpascal-strings -fasm-blocks -O3 -DOPENSSL_NO_IDEA -DOPENSSL_PIC -DZLIB -mmacosx-version-min=10.6 -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall built on: Wed Nov 16 13:53:59 PST 2011 platform: darwin64-x86_64-cc OPENSSLDIR: "/usr/local/ssl" TCP connection successful >>>> verifyCallback() - in: preverify_ok=0 Verify error: unable to get local issuer certificate(20) - depth=1 - sub ="/C=US/O=Google Inc/CN=Google Internet Authority" <<<< verifyCallback() - out SSL handshake failed: SSL_ERROR_SSLFAIL Looking at the compile options, the only difference is the compiler openssl is built with: Default build: darwin64-x86_64-cc (did not detect CERT_UNTRUSTED) Local build: darwin64-x86_64-llvm (detected CERT_UNTRUSTED correctly) Unfortunately, I cannot build libssl/libcrypto with darwin64-x86_64-llvm and I cannot check if that makes any difference. Does anyone has any thoughts? - Yutaka ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
