certificate verification error OpenSSL 1.1.1
shiva kumar
shivakumar2696 at gmail.com
Tue Mar 3 06:06:35 UTC 2020
Hi,
can you please tell me more about
1) How to verify a self signed (.crt) key in OpenSSL 1.1.1?
2) Is key generated by OpenSSL 1.0.2 can be used to connect with OpenSSL
1.1.1 and vice versa?
Thanks and regards
Shivakumar
On Mon, Mar 2, 2020 at 2:36 PM Dmitry Belyavsky <beldmit at gmail.com> wrote:
> First, I recommend you not to hurry up :)
>
> Second, the validation procedures have changed between 1.0.2 and 1.1.1,
> 1.1.1 checks more strictly.
> E.g., a self-signed certificate without "CA:TRUE" will be treated as valid
> CA cert in 1.0.2 but not valid in 1.1.1
>
>
>
> On Mon, Mar 2, 2020 at 12:01 PM shiva kumar <shivakumar2696 at gmail.com>
> wrote:
>
>> Hi,
>> Please help me, is this an expected behavior?
>>
>> On Mon, Mar 2, 2020 at 1:48 PM shiva kumar <shivakumar2696 at gmail.com>
>> wrote:
>>
>>> when I tried to verify the the self signed certificate in OpenSSL 1.0.2
>>> it is giving error 18 and gives OK as o/p, when I tried the same with
>>> OpenSSL 1.1.1 there is slight change in the behavior it also gives the
>>> same error, but instead of OK it gives different error as "*ca.crt:
>>> verification failed*" as follows.
>>>
>>>
>>>
>>> *in OpenSSL 1.0.2*
>>>
>>> openssl verify ./ca.crt
>>>
>>> *error 18* at 0 depth lookup:self signed certificate
>>>
>>> *OK*
>>>
>>>
>>> *in OpenSSL 1.1.1 *
>>>
>>> openssl verify ./ca.crt
>>>
>>> *error 18* at 0 depth lookup:self signed certificate
>>>
>>> *error /tmp/1.1/conf/ssl.crt/ca.crt: verification failed*
>>>
>>> # echo $?
>>>
>>> 2
>>>
>>>
>>> why I'm getting this error? is this an expected behavior in OpenSSL
>>> 1.1.1?
>>>
>>> Please answer my question.
>>>
>>>
>>>
>>>
>>> --
>>> *With Best Regards*
>>> *Shivakumar S*
>>>
>>
>>
>> --
>> *With Best Regards*
>> *Shivakumar S*
>>
>
>
> --
> SY, Dmitry Belyavsky
>
--
*With Best Regards*
*Shivakumar S*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200303/16f4ac36/attachment.html>
More information about the openssl-users
mailing list