>From stackoverflow: "These hash values will comes from the Subject DN of each CA certificate (since the aim is to look for a CA certificate with the subject matching the issuer of the certificate to verify). You can either usec_rehash as documented, or get the Subject DN's hash using openssl x509 -subject_hash -noout -in cacert.pem and rename the file/link accordingly."
On Thu, Aug 15, 2013 at 12:01 PM, Andrew H <andrew_ya...@hotmail.com> wrote: > I have two version of OpenSSL on my OSX file system, the default 0.9.8r > and 1.0.1e. > For the later I'm having trouble getting the syntax of the command > correct, I think. > > When I used this (in 1.0.1e's directory, /opt/localbin): > ./openssl s_client -connect foo.foo.foo.foo:443 ( replace the foo's ). > I get responses that included the Cipher is NONE and 'unable to get local > issuer certificate' messages. > > Without the ./, using the default openssl, this works fine, the cipher is > populated and no local issuer messages. > > I tried variations of the CApath argument with no success: > -CApath /System/Library/OpenSSL/certs/ > That's the system path from 'openssl version -d' > I messed around with similar values in the verify argument. > There's obviously a fundamental misunderstanding on my part regarding the > proper usage of these arguments. > > Tips appreciated. > > Andrew >
