Chi Hsuan Yen <yan12...@gmail.com> writes: > ... > Apparently OpenSSL verifies the whole certificate chain and > report an error as soon as it finds an invalid certificate in the chain.
As it must, if you require verification. When I remember right, you can disable the verification altogether (though you should not for security reasons). > My > questions is: how to tell from several possible causes to > CERTIFICATE_VERIFY_FAILED? Currently both expired self signed certificate > leads to CERTIFICATE_VERIFY_FAILED. Thanks for any help or advice. I would try to find (or write) a utility that follows the certificate chain and provides details information about its state. -- https://mail.python.org/mailman/listinfo/python-list
