[openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath

Viktor Dukhovni openssl-users at dukhovni.org
Mon Dec 3 01:54:29 UTC 2018

> On Dec 2, 2018, at 7:43 PM, Charles Mills <charlesm at mcn.org> wrote:
> Sorry, I do not have a packet capture tool configured.
> I have a verify callback with a lot of trace messages. I can see that it is
> only entered once; X509_STORE_CTX_get_error_depth() is 1.
> Does that tell us anything useful?

No further information is required.  Your client certificate chain
includes a self-signed root CA as a direct issuer of its certificate.
That root CA was not found in the server's trust store.

Someone should submit a pull request to improve the error message, if
they've not done so yet.
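
The situation described in this reply, reproduced with the `openssl` command-line tool as an added example (not part of the original message; the CN values, file names and directory names are constructed). A client certificate issued directly by a self-signed root is verified first against an empty CApath, then against one that holds the root under its subject-hash file name.

```shell
#!/bin/sh
# Added demo with throwaway keys: a chain that carries its own self-signed root
# is rejected at depth 1 unless the verifier's CApath contains that root.

# Create a root CA, a client cert issued directly by it, and two CApath
# directories inside directory $1 (runs in a subshell, so cwd is untouched).
make_chain() (
    set -e
    cd "$1"
    mkdir empty_ca trusted_ca
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Root CA" -keyout root.key -out root.pem 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=demo-client" -keyout leaf.key -out leaf.csr 2>/dev/null
    openssl x509 -req -in leaf.csr -CA root.pem -CAkey root.key \
        -CAcreateserial -days 1 -out leaf.pem 2>/dev/null
    # CApath lookup is by subject-name hash: the file must be named <hash>.0
    cp root.pem "trusted_ca/$(openssl x509 -in root.pem -noout -subject_hash).0"
)

# Verify leaf.pem in directory $1 against CApath $2. The root travels with the
# chain (-untrusted), as it would when the peer sends it in the handshake.
verify_with() (
    cd "$1" || exit 1
    openssl verify -CApath "$2" -untrusted root.pem leaf.pem 2>&1
)

d=$(mktemp -d) && make_chain "$d"
verify_with "$d" empty_ca   || echo "-> rejected: root CA is not in the trust store"
verify_with "$d" trusted_ca && echo "-> accepted: root CA found via its hash link"
rm -rf "$d"
```

The first call reports error 19 at depth 1, the same depth the verify callback in the quoted message saw.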

