> On Dec 2, 2018, at 7:43 PM, Charles Mills wrote:
>
> Sorry, I do not have a packet capture tool configured.
>
> I have a verify callback with a lot of trace messages. I can see that it is
> only entered once; X509_STORE_CTX_get_error_depth() is 1.
>
> Does that tell us anything useful?
No fu
[mailto:openssl-users-boun...@openssl.org] On Behalf Of
Kyle Hamilton
Sent: Saturday, December 1, 2018 10:29 PM
To: openssl-users
Subject: Re: [openssl-users] Self-signed error when using
SSL_CTX_load_verify_locations CApath
Wireshark and other packet capture tools can help you determine
exactly what's i
ient, and generated the
> certificate, and loaded it into the certificate store.)
>
> Charles
>
> -Original Message-
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Viktor Dukhovni
> Sent: Saturday, December 1, 2018 12:47 PM
> To: o
-users] Self-signed error when using
SSL_CTX_load_verify_locations CApath
On Sat, Dec 01, 2018 at 12:29:42PM -0800, Charles Mills wrote:
> I could easily be wrong -- you guys know more about certificates than I ever
> will -- but I do not *think* there is any self-signed certificate in this
> scenario. There should be exactly two certificates in this discussion:
>
> 1.
tor Dukhovni
Sent: Friday, November 30, 2018 4:37 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Self-signed error when using
SSL_CTX_load_verify_locations CApath
> On Nov 30, 2018, at 7:25 PM, Charles Mills wrote:
>
> Well, it ought then to say "I couldn't find any certificates at all" rather
> than "I found a self-signed certificate" when it did not.
A self-signed certificate was found, in the chain being verified.
The message should likely be more clea
't work that way." I
would reply "I understand. I'm asking you to change the code."
Charles
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Viktor Dukhovni
Sent: Friday, November 30, 2018 3:35 PM
To: openssl-users@ope
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Viktor Dukhovni
> Sent: Friday, November 30, 2018 16:35
>
> > On Nov 30, 2018, at 5:00 PM, Charles Mills wrote:
> >
> > "Self-signed certificate in certificate chain" does not to me convey "No
> > certificate hash link
> On Nov 30, 2018, at 5:00 PM, Charles Mills wrote:
>
> "Self-signed certificate in certificate chain" does not to me convey "No
> certificate hash links" (or "CA certificate not found in hash links").
That's not really possible, because the code that's doing certificate
validation works with a
Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Viktor Dukhovni
Sent: Friday, November 30, 2018 10:22 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Self-signed error when using
SSL_CTX_load_verify_locations CApath
> On Nov 30, 2018, at 12:47 PM, Charles Mills wrote:
>
> I am using a client certificate that was signed by my “homegrown” CA (which
> uses the OpenSSL utility). When I point to the CA .PEM with
> SSL_CTX_load_verify_locations CAfile it works perfectly. When instead I use
> CApath to point to
(Apologies if a duplicate - I think I mis-sent the first attempt.)
I wrote a TLS server application that runs under Windows and has been
working successfully for years. I am currently using OpenSSL 1.1.0f. When I
wrote the code I only supported a single CA file for client certificates. I
pass t