> On Dec 2, 2018, at 7:43 PM, Charles Mills <charl...@mcn.org> wrote:
>
> Sorry, I do not have a packet capture tool configured.
>
> I have a verify callback with a lot of trace messages. I can see that it is
> only entered once; X509_STORE_CTX_get_error_depth() is 1.
>
> Does that tell us anything useful?
No further information is required. Your client certificate chain
includes a self-signed root CA as a direct issuer of its certificate.
That root CA was not found in the server's trust store.
Someone should submit a pull request to improve the error message, if
they've not done so yet.
--
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
