[openssl-users] How to load local certificate folder on windows

Dave Thompson dthompson at prinpay.com
Fri Feb 6 17:03:50 UTC 2015

> From: openssl-users On Behalf Of Jerry OELoo
> Sent: Wednesday, February 04, 2015 21:54

> I am using openssl 1.0.2 on windows 7 OS.
> I have put some root certificate files into a folder certs. when I
> using X509_STORE_load_locations() to load this folder into store, it
> returns 1 means success,
> but when I using X509_verify_cert(), it will return 0, and error shows
> 19(self signed certificate in certificate chain).

Nitpick: STORE_load_locations (and CTX_load_verify_locations which uses it) 
actually loads the contents of a CAfile into memory, but it only stores the 
*name* of a CApath and *later* dynamically loads files from that directory.

Did you use filenames, or possibly* linknames, based on subject hash 
as described in https://www.openssl.org/docs/apps/verify.html ?

* Windows beginning AIR XP or maybe NT does support links on NTFS,
but they're not easy to use and not well known, and I think I saw a recent 
bug report that they don't even work for OpenSSL,  at least sometimes.

Less likely but possible if these files were prepared on an another system: 
did you use hashnames created with OpenSSL >1.0.0 or higher<?

Is this a FAQ yet?

More information about the openssl-users mailing list