[openssl-dev] Cannot verify self-signed certificates?
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Dec 15 22:16:37 UTC 2015
> On Dec 15, 2015, at 5:00 PM, Nounou Dadoun <nounou.dadoun at avigilon.com> wrote:
>
> I have actually asked a variant on this question in the path, I would rephrase it as I have a certificate chain which doesn't go all the way back to a self-signed cert. But I "trust" the highest certificate in the chain that I have; is there a way of telling openssl that once it hits this "trusted" certificate, it can stop and return the result. As I recall, the answer was no .. N
With OpenSSL 1.0.2 or greater you can use trust-anchors that are not
self-signed.
API:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
CLI:
openssl verify -partial_chain ...
--
Viktor.
More information about the openssl-dev
mailing list