[openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath
Viktor Dukhovni
openssl-users at dukhovni.org
Sat Dec 1 01:38:01 UTC 2018
> On Nov 30, 2018, at 7:33 PM, Sands, Daniel via openssl-users <openssl-users at openssl.org> wrote:
>
>> Viktor's points are all good ones, but considering how often this
>> particular message causes confusion for users and developers (at
>> least in my experience), I wonder whether changing the text to
>> "Untrusted self-signed certificate in certificate chain" would help.
>> That would suggest to the user that the problem might be an issue
>> with the trust store.
>>
> My .02: The message "Self-signed certificate in certificate chain"
> does make it sound like OpenSSL rejected the certificate precisely
> because it's self signed, and not because it's an untrusted root
> certificate. I would suggest a less misleading reason, at least.
Are there compatibility concerns around changing error message
text for which users may have created regex patterns in scripts?
I agree the text could be better, but not sure in what releases
if any to change the text, since the change may cause issues
for some users.
--
Viktor.
More information about the openssl-users
mailing list