First, I recommend you not to hurry up :)
Second, the validation procedures have changed between 1.0.2 and 1.1.1, 1.1.1 checks more strictly.
E.g., a self-signed certificate without "CA:TRUE" will be treated as valid CA cert in 1.0.2 but not valid in 1.1.1
On Mon, Mar 2, 2020 at 12:01 PM shiva kumar <shivakumar2696@xxxxxxxxx> wrote:
Hi,Please help me, is this an expected behavior?On Mon, Mar 2, 2020 at 1:48 PM shiva kumar <shivakumar2696@xxxxxxxxx> wrote:when I tried to verify the the self signed certificate in OpenSSL 1.0.2 it is giving error 18 and gives OK as o/p, when I tried the same with OpenSSL 1.1.1 there is slight change in the behavior it also gives the same error, but instead of OK it gives different error as "ca.crt: verification failed" as follows.
in OpenSSL 1.0.2
openssl verify ./ca.crt
error 18 at 0 depth lookup:self signed certificate
OK
in OpenSSL 1.1.1
openssl verify ./ca.crt
error 18 at 0 depth lookup:self signed certificate
error /tmp/1.1/conf/ssl.crt/ca.crt: verification failed
# echo $?
2
why I'm getting this error? is this an expected behavior in OpenSSL 1.1.1?
Please answer my question.
--With Best RegardsShivakumar S--With Best RegardsShivakumar S
SY, Dmitry Belyavsky
