Hi,
can you please tell me more about
1) How to verify a self signed (.crt) key in OpenSSL 1.1.1?
2) Is key generated by OpenSSL 1.0.2 can be used to connect with OpenSSL 1.1.1 and vice versa?
Thanks and regards
Shivakumar
On Mon, Mar 2, 2020 at 2:36 PM Dmitry Belyavsky <beldmit@xxxxxxxxx> wrote:
First, I recommend you not to hurry up :)Second, the validation procedures have changed between 1.0.2 and 1.1.1, 1.1.1 checks more strictly.E.g., a self-signed certificate without "CA:TRUE" will be treated as valid CA cert in 1.0.2 but not valid in 1.1.1On Mon, Mar 2, 2020 at 12:01 PM shiva kumar <shivakumar2696@xxxxxxxxx> wrote:Hi,Please help me, is this an expected behavior?On Mon, Mar 2, 2020 at 1:48 PM shiva kumar <shivakumar2696@xxxxxxxxx> wrote:when I tried to verify the the self signed certificate in OpenSSL 1.0.2 it is giving error 18 and gives OK as o/p, when I tried the same with OpenSSL 1.1.1 there is slight change in the behavior it also gives the same error, but instead of OK it gives different error as "ca.crt: verification failed" as follows.
in OpenSSL 1.0.2
openssl verify ./ca.crt
error 18 at 0 depth lookup:self signed certificate
OK
in OpenSSL 1.1.1
openssl verify ./ca.crt
error 18 at 0 depth lookup:self signed certificate
error /tmp/1.1/conf/ssl.crt/ca.crt: verification failed
# echo $?
2
why I'm getting this error? is this an expected behavior in OpenSSL 1.1.1?
Please answer my question.
--With Best RegardsShivakumar S--With Best RegardsShivakumar S--SY, Dmitry Belyavsky
With Best Regards
Shivakumar S
