Hi, can you please tell me more about 1) How to verify a self signed (.crt) key in OpenSSL 1.1.1? 2) Is key generated by OpenSSL 1.0.2 can be used to connect with OpenSSL 1.1.1 and vice versa?
Thanks and regards Shivakumar On Mon, Mar 2, 2020 at 2:36 PM Dmitry Belyavsky <beld...@gmail.com> wrote: > First, I recommend you not to hurry up :) > > Second, the validation procedures have changed between 1.0.2 and 1.1.1, > 1.1.1 checks more strictly. > E.g., a self-signed certificate without "CA:TRUE" will be treated as valid > CA cert in 1.0.2 but not valid in 1.1.1 > > > > On Mon, Mar 2, 2020 at 12:01 PM shiva kumar <shivakumar2...@gmail.com> > wrote: > >> Hi, >> Please help me, is this an expected behavior? >> >> On Mon, Mar 2, 2020 at 1:48 PM shiva kumar <shivakumar2...@gmail.com> >> wrote: >> >>> when I tried to verify the the self signed certificate in OpenSSL 1.0.2 >>> it is giving error 18 and gives OK as o/p, when I tried the same with >>> OpenSSL 1.1.1 there is slight change in the behavior it also gives the >>> same error, but instead of OK it gives different error as "*ca.crt: >>> verification failed*" as follows. >>> >>> >>> >>> *in OpenSSL 1.0.2* >>> >>> openssl verify ./ca.crt >>> >>> *error 18* at 0 depth lookup:self signed certificate >>> >>> *OK* >>> >>> >>> *in OpenSSL 1.1.1 * >>> >>> openssl verify ./ca.crt >>> >>> *error 18* at 0 depth lookup:self signed certificate >>> >>> *error /tmp/1.1/conf/ssl.crt/ca.crt: verification failed* >>> >>> # echo $? >>> >>> 2 >>> >>> >>> why I'm getting this error? is this an expected behavior in OpenSSL >>> 1.1.1? >>> >>> Please answer my question. >>> >>> >>> >>> >>> -- >>> *With Best Regards* >>> *Shivakumar S* >>> >> >> >> -- >> *With Best Regards* >> *Shivakumar S* >> > > > -- > SY, Dmitry Belyavsky > -- *With Best Regards* *Shivakumar S*
