On 23/10/2020 14:10, Brett Stahlman wrote:
> It seems that the CAPI engine is breaking the server verification somehow.
> Note that the only reason I'm using the ca-bundle.crt is that I couldn't
> figure out how to get CAPI to load the Windows "ROOT" certificate
> store, which contains the requisite CA certs. Ideally, server
> authentication would use the CA certs in the Windows "ROOT" store, and
> client authentication would use the certs in the Windows "MY" store, but
> CAPI doesn't appear to be loading either one.

This is probably the following issue:

https://github.com/openssl/openssl/issues/8872

Matt