Oh my, I figured it out after digging through the OpenSSL source code.
My CA certificate and the client certificate both had the same common
name, so they were clobbering each other.
Changing the name of the CA certificate solved the problem.
On Sun, 15 Nov 2020 at 14:10, Samuel Williams
wrote:
Hello
I generate a CA (self signed), and then generate a certificate from
that CA, which should be used by a HTTP/2 client and server during
testing.
This code was working as recently as 12 months ago, but it seems like
something has stopped it from verifying correctly.
Here is how the CA is gen