> On Dec 2, 2018, at 7:43 PM, Charles Mills <charlesm@xxxxxxx> wrote: > > Sorry, I do not have a packet capture tool configured. > > I have a verify callback with a lot of trace messages. I can see that it is > only entered once; X509_STORE_CTX_get_error_depth() is 1. > > Does that tell us anything useful? No further information is required. Your client certificate chain includes a self-signed root CA as a direct issuer of its certificate. That root CA was not found in the server's trust store. Someone should submit a pull request to improve the error message, if they've not done so yet. -- -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
