[openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath

Viktor Dukhovni openssl-users at dukhovni.org
Fri Nov 30 23:34:33 UTC 2018

> On Nov 30, 2018, at 5:00 PM, Charles Mills <charlesm at mcn.org> wrote:
> "Self-signed certificate in certificate chain" does not to me convey "No certificate hash links" (or "CA certificate not found in hash links").

That's not really possible, because the code that's doing certificate
validation works with an abstract certificate store API, and does not
know whether a particular certificate should or should not have been
listed a trust-anchor in some store.

All we know is that we've reached a self-signed certificate in the
chain (so no further issuers can be found) and it is not in any
of the trust stores, so verification fails.

Perhaps we could document the errors in a bit more depth, but I don't
think it is possible to tell you that your CApath was missing some
specific symlink.


More information about the openssl-users mailing list