>From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah
>Sent: Friday, 18 January, 2013 17:54

>I am having a problem with server certificate verification:
>SSL_get_verify_result() returns error code 20.

>I add a (xx.cert) file to the Windows certificate store as follows.<snip>

>On OpenSSL startup, the file is read from the Windows certificate store
>and saved into the X509 certificate store. <snip>

Is that X509_STORE *the* store in the (relevant) SSL_CTX?

What cert is xx.cert? To verify a server handshake against a store 
containing one cert, that cert must be the CA root cert used by the 
server cert, and the server must include any/all chain certs (which 
it should, that's best practice, but some don't).

OpenSSL does not currently support trust anchors other than roots, 
as for example IE (or maybe stunnel, I'm not sure) and Firefox do,
although there have been recent posts indicating it will in the future.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

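The two situations the reply describes (a store holding a certificate that is not the root, and a server that omits its chain certificates) can be reproduced with the `openssl` command-line tool; this is an added example, not part of the original thread, and it uses the CLI rather than the C API the thread discusses. The root/inter/server hierarchy, the file names and the `mkcert` and `verify_code` helpers are constructed for illustration; `-partial_chain` is the option added in OpenSSL 1.0.2 that lets a non-root certificate in the store act as a trust anchor.

```sh
#!/bin/sh
# Constructed demo: a throwaway root -> inter -> server hierarchy (made-up names).
set -e
cd "$(mktemp -d)"
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test Root
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -days 2 \
    -keyout root.key -out root.pem 2>/dev/null

# mkcert NAME ISSUER SERIAL [extra "openssl x509" args]: issue NAME.pem under ISSUER.
mkcert() {
    name=$1 issuer=$2 serial=$3; shift 3
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=$name" \
        -keyout "$name.key" -out "$name.csr" 2>/dev/null
    openssl x509 -req -in "$name.csr" -CA "$issuer.pem" -CAkey "$issuer.key" \
        -set_serial "$serial" -days 2 -out "$name.pem" "$@" 2>/dev/null
}
mkcert inter root 2 -extfile ca.cnf -extensions v3_ca   # intermediate CA
mkcert server inter 3                                   # server (leaf) cert

# Print the error number reported by "openssl verify" (0 = chain verified).
# 20 is X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, the code from the question.
verify_code() {
    out=$(openssl verify "$@" 2>&1) || true
    case "$out" in
        *"error "*" at "*)
            printf '%s\n' "$out" | sed -n 's/^error \([0-9]*\) at.*/\1/p' | head -n 1 ;;
        *": OK") echo 0 ;;
        *) echo unknown ;;
    esac
}

echo "store=root, server sends inter   : $(verify_code -CAfile root.pem -untrusted inter.pem server.pem)"
echo "store=root, server omits inter   : $(verify_code -CAfile root.pem server.pem)"
echo "store=server cert only           : $(verify_code -CAfile server.pem server.pem)"
echo "store=server cert, -partial_chain: $(verify_code -partial_chain -CAfile server.pem server.pem)"
```
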