Btw, how do you build the CAPI engine in versions of openssl that don't have the enable-capieng configure argument (e.g., 1.0.2u)? I tried -D__COMPILE_CAPIENG, but e_capi.c isn't even being compiled.

Thanks,
Brett S.

On Fri, Oct 23, 2020 at 9:45 AM Matt Caswell <[email protected]> wrote:
>
> On 23/10/2020 14:10, Brett Stahlman wrote:
> > It seems that the CAPI engine is breaking the server verification
> > somehow.
> > Note that the only reason I'm using the ca-bundle.crt is that I couldn't
> > figure out how to get CAPI to load the Windows "ROOT" certificate
> > store, which contains the requisite CA certs. Ideally, server
> > authentication would use the CA certs in the Windows "ROOT" store, and
> > client authentication would use the certs in the Windows "MY" store, but
> > CAPI doesn't appear to be loading either one.
>
> This is probably the following issue:
>
> https://github.com/openssl/openssl/issues/8872
>
> Matt
>
