Re: [openssl-users] [EXTERNAL] Certificate gets verified OK over SSL-CLI, but not when using SSL-API

2018-02-02 Thread Manuel Wagesreither
> > Hence, if at all, verification requirements must have been lowered in the
> > new OpenSSL version.
>
> No, it is also the case that the new version now more correctly accepts
> some chains as valid that because of bugs, the old version did not.

Understood! My reply was related to message on

Re: [openssl-users] Certificate gets verified OK over SSL-CLI, but not when using SSL-API

2018-02-02 Thread Manuel Wagesreither
Dear Viktor, that's quite a detailed elaboration. I have learned something from what you posted, but as far as this problem is concerned, we were able to get rid of your problems by upgrading to OpenSSL 1.1.0g. I'm sure what you conveyed will be of help when diagnosing future OpenSSL problems

Re: [openssl-users] [EXTERNAL] Certificate gets verified OK over SSL-CLI, but not when using SSL-API

2017-12-28 Thread Manuel Wagesreither
On Fri, 22 Dec 2017, at 20:31, Sands, Daniel wrote:
> On Fri, 2017-12-22 at 11:14 +0100, Manuel Wagesreither wrote:
> > Unfortunately this didn't work either. The end result is the same;
> > OpenSSL still emits a "certificate signature failure" with an error
>

Re: [openssl-users] Certificate gets verified OK over SSL-CLI, but not when using SSL-API

2017-12-28 Thread Manuel Wagesreither
Thanks for your feedback. Unfortunately I cannot include the certificate raw data as it may contain sensitive information. Also, I'm unable to replace them with self-made certificates as I don't know the parameters the original ones were created with in the first place. The original creators are

Re: [openssl-users] [EXTERNAL] Certificate gets verified OK over SSL-CLI, but not when using SSL-API

2017-12-22 Thread Manuel Wagesreither
Dear all, I just found out that this problem only occurs when I'm linking the executable against libssl 1.0.1k. When linking against libssl 1.1.0f, the certificate does get validated fine. Does anyone know possible reasons? Do these libssl versions differ in regard to certificate validation? I

Re: [openssl-users] [EXTERNAL] Certificate gets verified OK over SSL-CLI, but not when using SSL-API

2017-12-22 Thread Manuel Wagesreither
fication flow goes
> as follows:
>
> X509_STORE_CTX_new()
> X509_STORE_CTX_init(ctx,NULL,cert,NULL) <-- The certificate to verify
> X509_STORE_CTX_trusted_stack(ctx,CACertificateStack) <-- Perhaps this
> is the difference?
> X509_verify_cert(ctx)
> > > O

Re: [openssl-users] Certificate gets verified OK over SSL-CLI, but not when using SSL-API

2017-12-21 Thread Manuel Wagesreither
Dear all, I forgot to mention that I'm using OpenSSL 1.0.2k. Regards Manuel

[openssl-users] Certificate gets verified OK over SSL-CLI, but not when using SSL-API

2017-12-21 Thread Manuel Wagesreither
Dear all, I'm struggling with programmatically verifying a certificate which is solely stored in memory, i.e. not on the file system. The certificate and the CA seem to be fine though, because when I extract them from memory and store them as a file, and use the `openssl verify`, verification i