Hello there, I'm trying to do peer client verification using the SSL_CTX_load_verify_locations function in conjunction with the SSL_get_peer_certificate and SSL_get_verify_result function. If I SSL_get_verify_result call this way setting CAFile, it will work for me: SSL_CTX_load_verify_locations( sslContext, "D:\\certs\\-.wikipedia.org.crt", NULL ); However, setting only CAPath will not: SSL_CTX_load_verify_locations( sslContext, NULL, "D:\\certs" ); This will result in a X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error. The cert directory D:\\certs looks like this: -.wikipedia.org.crt ca_client.jks ca_server.jks My expectation would be that the library uses -.wikipedia.org.crt As it is the only certificate available or am I doing something wrong? API is openssl-1.0.2c. Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150703/d94c13ba/attachment.html>
