[openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

Sands, Daniel dnsands at sandia.gov
Sat Dec 1 00:33:20 UTC 2018

On Fri, 2018-11-30 at 23:55 +0000, Michael Wojcik wrote:
> > "Self-signed certificate in certificate chain" does not to me
> > > convey "No
> > > certificate hash links" (or "CA certificate not found in hash
> > > links").
> > 
> Viktor's points are all good ones, but considering how often this
> particular message causes confusion for users and developers (at
> least in my experience), I wonder whether changing the text to
> "Untrusted self-signed certificate in certificate chain" would help.
> That would suggest to the user that the problem might be an issue
> with the trust store.
My .02:  The message "Self-signed certificate in certificate chain"
does make it sound like OpenSSL rejected the certificate precisely
because it's self signed, and not because it's an untrusted root
certificate.  I would suggest a less misleading reason, at least.

More information about the openssl-users mailing list