[openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath
Charles Mills
charlesm at mcn.org
Sat Dec 1 21:46:51 UTC 2018
> It was found in the chain of certificates sent by the client to the
> server for validation
Again, I could be wrong but that is my point. I do not think the client is
sending a chain of certificates, but rather only one, the CA-signed client
certificate. (I wrote and configured the client, and generated the
certificate, and loaded it into the certificate store.)
Charles
-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
Viktor Dukhovni
Sent: Saturday, December 1, 2018 12:47 PM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] Self-signed error when using
SSL_CTX_load_verify_locations CApath
On Sat, Dec 01, 2018 at 12:29:42PM -0800, Charles Mills wrote:
> I could easily be wrong -- you guys know more about certificates than I
ever
> will -- but I do not *think* there is any self-signed certificate in this
> scenario. There should be exactly two certificates in this discussion:
>
> 1. The client certificate. It is not self-signed (in the correct sense of
> the term, as opposed to the erroneous popular sense): it is signed by my
> "in-house" CA.
>
> 2. The CA certificate. Yes, it is a root and self-signed, but you didn't
> find it, right?
You seem to be stuck on a narrow meaning of the word "found". The
self-signed certificate *was* found, but not in the trust-store.
It was found in the chain of certificates sent by the client to the
server for validation. That's what the error message is telling
More information about the openssl-users
mailing list