: openssl-users@openssl.org
Subject: RE: server certificate verification fails
The certificate is for a client and is self signed.
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of Dave Thompson [dthomp...@prinpay.com]
Sent
: server certificate verification fails
>From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah
>Sent: Friday, 24 May, 2013 19:48
>I add the server certificate in PEM format to the SSL store using []
>X509_STORE_add_cert(SSL_CTX_get_cert_store(pctx), x509cert);
I assume you
>From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah
>Sent: Friday, 24 May, 2013 19:48
>I add the server certificate in PEM format to the SSL store using []
>X509_STORE_add_cert(SSL_CTX_get_cert_store(pctx), x509cert);
I assume you mean to the truststore of the (or a) client, since
th
On Wed, Apr 04, 2001 at 02:37:23PM +0100, Graeme English wrote:
> I mentioned this since previously I had not defined SSLCertificateChainFile in my
>httpd.conf (apache , mod_perl) and when I did the following (excuse the hack!)
> STACK_OF(X509) *cert_chain = (struct stack_st
>*)S
>>> [EMAIL PROTECTED] 04/04/01 10:32:37 >>>
>> As you say if I the peer sends the certificate chain then the verify error changes
>to X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, but I don't think this is the behavior I
>need (also its up to the web server whether it sends the chain, I believe)
>No,
On Wed, Apr 04, 2001 at 10:03:27AM +0100, Graeme English wrote:
> I'm incorporating OpenSSL into a web browser and what I'm really after is a behavior
>similar to the other browsers around i.e. when an untrusted site is visited the user
>is warned but also gets the option to 'install' the receiv
Thanks Lutz,
I'm incorporating OpenSSL into a web browser and what I'm really after is a behavior
similar to the other browsers around i.e. when an untrusted site is visited the user
is warned but also gets the option to 'install' the received server certificate so
that the next time the site
Evan,
The third parameter to SSL_CTX_load_verify_locations() does not do what
you think. If you have one file with your root CA certificate, make that
filename the second parameter and leave the third NULL, as in
SSL_CTX_load_verify_locations(ctx,CERT_FILE, NULL)
see if that works any bette
