> From: openssl-users On Behalf Of Jerry OELoo > Sent: Wednesday, February 04, 2015 21:54 > I am using openssl 1.0.2 on windows 7 OS. > > I have put some root certificate files into a folder certs. when I > using X509_STORE_load_locations() to load this folder into store, it > returns 1 means success, > but when I using X509_verify_cert(), it will return 0, and error shows > 19(self signed certificate in certificate chain). Nitpick: STORE_load_locations (and CTX_load_verify_locations which uses it) actually loads the contents of a CAfile into memory, but it only stores the *name* of a CApath and *later* dynamically loads files from that directory. Did you use filenames, or possibly* linknames, based on subject hash as described in https://www.openssl.org/docs/apps/verify.html ? * Windows beginning AIR XP or maybe NT does support links on NTFS, but they're not easy to use and not well known, and I think I saw a recent bug report that they don't even work for OpenSSL, at least sometimes. Less likely but possible if these files were prepared on an another system: did you use hashnames created with OpenSSL >1.0.0 or higher<? Is this a FAQ yet?
