CAPI engine seems to break server validation
Brett Stahlman
brettstahlman at gmail.com
Sat Oct 24 16:23:13 UTC 2020
Btw, how do you build the CAPI engine in versions of openssl that don't
have the enable-capieng configure argument (e.g., 1.0.2u)? I tried
-D__COMPILE_CAPIENG, but e_capi.c isn't even being compiled.
Thanks,
Brett S.
On Fri, Oct 23, 2020 at 9:45 AM Matt Caswell <matt at openssl.org> wrote:
>
>
> On 23/10/2020 14:10, Brett Stahlman wrote:
> > It seems that the CAPI engine is breaking the server verification
> somehow.
> > Note that the only reason I'm using the ca-bundle.crt is that I couldn't
> > figure out how to get CAPI to load the Windows "ROOT" certificate
> > store, which contains the requisite CA certs. Ideally, server
> > authentication would use the CA certs in the Windows "ROOT" store, and
> > client authentication would use the certs in the Windows "MY" store, but
> > CAPI doesn't appear to be loading either one.
>
> This is probably the following issue:
>
> https://github.com/openssl/openssl/issues/8872
>
> Matt
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201024/49c18338/attachment.html>
More information about the openssl-users
mailing list