It reported verify error:num=20:unable to get local issuer certificate in my embedded linux device, when I used the openssl command

Hi openssl-er,

I'm a newbie with openssl.
Recently, I ported openssl to my embedded linux device and ran the openssl command.
But an error occurred.
I have searched Google a lot, but I didn't find the answer.
My issue is strange; my test steps are below:
1. Copy the openssl binary, libs, and cacert.pem to the embedded linux platform.

2. Run the command:
/tmp #:./openssl s_client -connect curl.haxx.se:443 -CAfile /tmp/cacert.pem

3. The error log is:
------log ----------------
CONNECTED(00000003)
depth=0 CN = anja.haxx.se
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = anja.haxx.se
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=anja.haxx.se
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
----------------------------------

4. My openssl version and version -d output is:
/tmp # ./openssl version
OpenSSL 1.1.0c  10 Nov 2016
/tmp # ./openssl version -d
OPENSSLDIR: "/home/georgeyang/workspace/speech_code/openssl/openssl/final"

5. On my PC, I found this command worked well. It returned the OK value,
although the openssl version there is 1.0.1f.
So I think my cacert.pem is right.

6. I also tried other commands, like:
/tmp # ./openssl s_client -connect curl.haxx.se:443 -CApath /tmp/cacert.pem
/tmp # ./openssl s_client -CApath /home/georgeyang/workspace/speech_code/openssl/openssl/final/ -connect curl.haxx.se:443
/tmp # ./openssl s_client -connect curl.haxx.se:443 -servername curl.haxx.se -key /etc/ssl/private/ssl-cert-snakeoil.key -CAfile /etc/ssl/certs/cacert.pem
But they are all NG.

On Google, they all said -CAfile or -CApath could help, but it doesn't work for me. >"<
Please help.

Thx
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
