Re: Patch for OpenSSH for Windows to allow authentication through certificates

Hi Adriana,

Adriana Rodean wrote:
> Hi all,
>
> We patched it on cygwin and got executables to run, but when I try to
> connect to the server I got the following from the client:
>
> Debug3: ssh_x509cert_check: for ‘c=ME,ST=ME,L=ME,O=Internet Widgits Pty Ltd’
> ssh_x509store_cb: subject=‘c=ME,ST=ME,L=ME,O=Internet Widgits Pty Ltd’, error 20 at 0 depth lookup:unable to get local issuer certificate
> Ssh_verify_cert: verify error, code=20, msg=’ unable to get local issuer certificate’
>
> I run the executable under Windows with the cygwin DLLs in the same folder.
>
> Thank you,
> Adriana.


To verify the server certificate you need a "trust certificate chain".
See the ssh_config manual page for "x509_store" options like CACertificateFile and CACertificatePath, and also UserCACertificateFile and UserCACertificatePath.

You could check the openssh x509 store with the openssl command:
$ openssl verify [-CApath directory] [-CAfile file] certificate

In your case the openssl arguments -CApath and -CAfile correspond to the openssh config options {|User}CACertificatePath and {|User}CACertificateFile, and certificate is your server certificate.

Roumen
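
Added example, not part of the original message: a shell sketch that reproduces error 20 with `openssl verify` against a store lacking the issuer, then clears it by supplying the CA through `-CAfile` and through a hash-named `-CApath` directory. The CA, the server certificate, all file names and the helper functions are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: every file name and subject below is made up.

make_demo_pki() {   # $1 = work dir: creates a throwaway CA and a server cert
    dir=$1
    mkdir -p "$dir/empty" "$dir/capath" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/O=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/O=Demo Server" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
        -out "$dir/server.crt" 2>/dev/null
}

install_in_capath() {   # $1 = CA certificate, $2 = CApath directory
    # A -CApath directory is searched by subject-name hash, so the CA file
    # has to be present under the name <hash>.0 to be found.
    hash=$(openssl x509 -noout -hash -in "$1") && cp "$1" "$2/$hash.0"
}

# $1 = certificate to check, remaining arguments = trust options.
verify_with() { cert=$1; shift; openssl verify "$@" "$cert" 2>&1; }

# True when verification reports the missing-issuer error seen in the thread.
issuer_missing() { verify_with "$@" | grep -q 'error 20 at 0 depth'; }

# True when openssl reports the chain as valid.
chain_ok() { verify_with "$@" | grep -q ': OK$'; }

run_demo() {
    work=$(mktemp -d) && make_demo_pki "$work" || return 1
    issuer_missing "$work/server.crt" -CApath "$work/empty" &&
        echo "store without the issuer: error 20"
    chain_ok "$work/server.crt" -CAfile "$work/ca.crt" &&
        echo "CA supplied with -CAfile: OK"
    install_in_capath "$work/ca.crt" "$work/capath"
    chain_ok "$work/server.crt" -CApath "$work/capath" &&
        echo "CA supplied with hashed -CApath: OK"
    rm -rf "$work"
}

run_demo
```
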
