Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

I could easily be wrong -- you guys know more about certificates than I ever
will -- but I do not *think* there is any self-signed certificate in this
scenario. There should be exactly two certificates in this discussion:

1. The client certificate. It is not self-signed (in the correct sense of
the term, as opposed to the erroneous popular sense): it is signed by my
"in-house" CA.

2. The CA certificate. Yes, it is a root and self-signed, but you didn't
find it, right? (Because of my error in not running the hash utility.) If
you found it, what is the problem? Does the hashing process imply trust? Then
the error message should be "untrusted CA certificate," no? (There is only
one certificate in the CApath folder.)

Am I missing something?

Charles


-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of
Viktor Dukhovni
Sent: Friday, November 30, 2018 4:37 PM
To: openssl-users@xxxxxxxxxxx
Subject: Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

> On Nov 30, 2018, at 7:25 PM, Charles Mills <charlesm@xxxxxxx> wrote:
> 
> Well, it ought then to say "I couldn't find any certificates at all"
> rather than "I found a self-signed certificate" when it did not.

A self-signed certificate was found, in the chain being verified.
The message should likely be more clear (perhaps along the lines
suggested by Michael Wojcik), but it is not incorrect.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
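
The situation discussed in this thread, reproduced with the `openssl` command line as an added example (not part of the original messages or of OpenSSL itself): a client certificate signed by an in-house root is verified against a CApath directory before and after the root is given its hashed file name. `openssl verify -CApath` uses the same hashed-directory lookup as the CApath argument of `SSL_CTX_load_verify_locations`; the key pairs, subject names and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo PKI: an in-house root CA and one client certificate it signs.
# All file names and subject names below are assumptions made for this example.
make_pki() {
    d=$1
    mkdir -p "$d/capath"
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed In-House CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/ca.key" -out "$d/ca.pem" -days 1 2>/dev/null
    openssl req -new -config "$d/ca.cnf" -subj "/CN=constructed-client" \
        -newkey rsa:2048 -nodes -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/client.pem" -days 1 2>/dev/null
    # The root is copied into CApath under an ordinary name, not yet hashed.
    cp "$d/ca.pem" "$d/capath/inhouse-ca.pem"
}

# Verify the chain as a peer would present it (leaf plus root, both untrusted)
# against the CApath directory only.
verify_chain() {
    openssl verify -no-CAfile -CApath "$1/capath" \
        -untrusted "$1/ca.pem" "$1/client.pem" 2>&1 || true
}

# What the hash utility does per CA file: link it as <subject-hash>.0, the
# name the directory lookup actually opens when it searches for an issuer.
hash_capath() {
    h=$(openssl x509 -noout -hash -in "$1/capath/inhouse-ca.pem")
    ln -s inhouse-ca.pem "$1/capath/$h.0"
}

demo() {
    t=$(mktemp -d)
    make_pki "$t"
    echo "CApath not hashed:"; verify_chain "$t"   # error 19, self-signed in chain
    hash_capath "$t"
    echo "CApath hashed:";     verify_chain "$t"   # client.pem: OK
    rm -rf "$t"
}
demo
```

The first verification reports error 19 at depth 1 because the root arrives in the presented chain but cannot be found as a trust anchor; once the `<hash>.0` link exists, the same chain verifies.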