Re: [EXTERNAL] Certificate gets verified OK over SSL-CLI, but not when using SSL-API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2017-12-22 at 11:14 +0100, Manuel Wagesreither wrote:
> Unfortunately this didn't work either. The end result is the same;
> OpenSSL still emits a "certificate signature failure" with an error
> depth of 0.
> 
In light of what Salz said about verification, could we assume that the
openssl verify program that succeeded is based on the older library?

It could be that your CA cert is missing an extension that OSSL now
checks for, such as (spitballing here) that the certificate is valid
for certificate signing.

You could check by substituting other certificates in your program to
see if the code itself works, and also closely examine your own
certificates to make sure all the requirements are met.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux