[openssl-users] SSL_CTX_load_verify_locations only with CAPath
Dr. Roger Cuypers
roger.cuypers at technisat.de
Fri Jul 3 15:01:08 UTC 2015
Hello there,
I'm trying to do peer client verification using the SSL_CTX_load_verify_locations function in conjunction with the SSL_get_peer_certificate and SSL_get_verify_result functions. If I make the SSL_get_verify_result call with CAFile set this way, it will work for me:
SSL_CTX_load_verify_locations( sslContext, "D:\\certs\\-.wikipedia.org.crt", NULL );
However, setting only CAPath will not:
SSL_CTX_load_verify_locations( sslContext, NULL, "D:\\certs" );
This will result in an X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error.
The cert directory D:\\certs looks like this:
-.wikipedia.org.crt
ca_client.jks
ca_server.jks
My expectation would be that the library uses -.wikipedia.org.crt, as it is the only certificate available. Or am I doing something wrong?
API is openssl-1.0.2c.
Regards
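
Added example, not part of the original message and not OpenSSL's own code: OpenSSL's CApath lookup does not read every file in the directory. It only opens files named after the certificate's subject-name hash (eight lowercase hex digits, a dot and a sequence number, the names that c_rehash or "openssl x509 -hash -noout" give you). The checker below applies that naming rule to the directory listing from the post; the function names and the hash value 1a2b3c4d are made up for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Returns 1 if name looks like hhhhhhhh.N (certificate) or hhhhhhhh.rN (CRL):
 * 8 lowercase hex digits, '.', optional 'r', decimal index without leading zeros. */
int is_hashed_name(const char *name)
{
    size_t i;
    for (i = 0; i < 8; i++) {   /* a short name stops at its '\0' here */
        char c = name[i];
        if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f')))
            return 0;
    }
    if (name[8] != '.')
        return 0;
    i = 9;
    if (name[i] == 'r')         /* CRL entries use an 'r' before the index */
        i++;
    if (name[i] == '\0' || (name[i] == '0' && name[i + 1] != '\0'))
        return 0;
    for (; name[i] != '\0'; i++)
        if (name[i] < '0' || name[i] > '9')
            return 0;
    return 1;
}

/* Prints a verdict per entry and returns how many the lookup could open. */
size_t count_lookup_candidates(const char *const names[], size_t n)
{
    size_t i, hits = 0;
    for (i = 0; i < n; i++) {
        int ok = is_hashed_name(names[i]);
        printf("%-22s %s\n", names[i], ok ? "candidate" : "ignored by CApath lookup");
        hits += (size_t)ok;
    }
    return hits;
}

int main(void)
{
    /* Directory listing exactly as given in the post. */
    const char *const posted[] = { "-.wikipedia.org.crt", "ca_client.jks", "ca_server.jks" };
    /* Constructed listing: the same directory plus a hash-named copy (hash value made up). */
    const char *const rehashed[] = { "-.wikipedia.org.crt", "1a2b3c4d.0", "ca_client.jks" };

    printf("candidates: %zu\n\n", count_lookup_candidates(posted, 3));
    printf("candidates: %zu\n", count_lookup_candidates(rehashed, 3));
    return 0;
}
```

A name that passes this check is only a candidate: the file must also contain a PEM certificate whose subject hash matches the name.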