[openssl-users] How to load local certificate folder on windows
dthompson at prinpay.com
Fri Feb 6 17:03:50 UTC 2015
> From: openssl-users On Behalf Of Jerry OELoo
> Sent: Wednesday, February 04, 2015 21:54
> I am using openssl 1.0.2 on windows 7 OS.
> I have put some root certificate files into a folder certs. when I
> using X509_STORE_load_locations() to load this folder into store, it
> returns 1 means success,
> but when I using X509_verify_cert(), it will return 0, and error shows
> 19(self signed certificate in certificate chain).
Nitpick: STORE_load_locations (and CTX_load_verify_locations which uses it)
actually loads the contents of a CAfile into memory, but it only stores the
*name* of a CApath and *later* dynamically loads files from that directory.
Did you use filenames, or possibly* linknames, based on subject hash
as described in https://www.openssl.org/docs/apps/verify.html ?
* Windows beginning AIR XP or maybe NT does support links on NTFS,
but they're not easy to use and not well known, and I think I saw a recent
bug report that they don't even work for OpenSSL, at least sometimes.
Less likely but possible if these files were prepared on an another system:
did you use hashnames created with OpenSSL >1.0.0 or higher<?
Is this a FAQ yet?
More information about the openssl-users