[openssl-dev] [openssl.org #4510] SSL certificate problem: unable to get local issuer certificate. Bug?

SMS Conversation via RT rt at openssl.org
Sat May 7 15:02:28 UTC 2016 

Hello Steve,

Any suggestions where to turn?  This is a new windows image with xampp and
very little else.  The program seems to be straightforward.

Your guidance would be helpful, but you can consider this issue closed for
openssl.

Thanks... George

On Sat, May 7, 2016 at 6:37 AM, Stephen Henson via RT <rt at openssl.org>
wrote:

> On Fri May 06 22:37:55 2016, nbhfgq at gmail.com wrote:
> > Hello Steve,
> >
> > *If I do not indicate the location of the cert*
> > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> >
> > > PS C:\OpenSSL-Win32\bin> .\openssl s_client -connect
> > > www.googleapis.com:443
> > > CONNECTED(00000088)
> > > depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
> > > verify error:num=20:unable to get local issuer certificate
> > > ---
>
> OK we get an error above which is expected.
>
> > > Verify return code: 20 (unable to get local issuer certificate)
> >
>
> And confirmed above.
>
> >
> > *I point to the the newest cert*
> > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> >
> > > PS C:\OpenSSL-Win32\bin> .\openssl s_client -CAfile
> > > 'C:\xampp\php\cacert.pem' -connect www.googleapis.com:443
> > > CONNECTED(000000D8)
> > > depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
> > > verify return:1
> > > depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
> > > verify return:1
> > > depth=0 C = US, ST = California, L = Mountain View, O = Google Inc,
> > > CN = *.
> > > googleapis.com
> > > verify return:1
>
> No error.
>
> > > Verify return code: 0 (ok)
> >
>
> And similarly above no error.
>
> >
> > *When I point to the old cert*
> > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> >
> > > PS C:\OpenSSL-Win32\bin> .\openssl s_client -CAfile
> > > 'C:\xampp\php\cacert_old.pem' -connect www.googleapis.com:443
> > > CONNECTED(00000140)
> > > depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate
> > > Authority
> > > verify return:1
> > > depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
> > > verify return:1
> > > depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
> > > verify return:1
> > > depth=0 C = US, ST = California, L = Mountain View, O = Google Inc,
> > > CN = *.
> > > googleapis.com
> > > verify return:1
>
> Again no error.
>
> > > Verify return code: 0 (ok)
> > >
> > >
> >
>
> And again confirmed above.
>
> It looks like with s_client it is working in both the old and new cases.
>
> So I'm not sure what the problem is: it doesn't seem to be an issue with
> OpenSSL though.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4510
> Please log in as guest with password guest if prompted
>
>

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4510
Please log in as guest with password guest if prompted

More information about the openssl-dev mailing list