CA no longer verifying certificates
Samuel Williams
space.ship.traveller at gmail.com
Sun Nov 15 01:10:36 UTC 2020
Hello
I generate a CA (self signed), and then generate a certificate from
that CA, which should be used by a HTTP/2 client and server during
testing.
This code was working as recently as 12 months ago, but it seems like
something has stopped it from verifying correctly.
Here is how the CA is generated, along with a certificate store which
is used for verification:
https://github.com/socketry/async-rspec/blob/4e4c2e59fdb93daab0aa11917f02a05d0fd746e3/lib/async/rspec/ssl.rb#L47-L79
Later, this CA is used to generate a certificate:
https://github.com/socketry/async-rspec/blob/4e4c2e59fdb93daab0aa11917f02a05d0fd746e3/lib/async/rspec/ssl.rb#L85-L110
Finally, we want to check that this is a valid configuration:
https://github.com/socketry/async-rspec/blob/4e4c2e59fdb93daab0aa11917f02a05d0fd746e3/spec/async/rspec/ssl_spec.rb#L35-L37
Like I said, this was passing, as recently as April. However, it's now
failing with error code 18: "self signed certificate".
I've tried a number of things but cannot figure out what's changed and
what I need to do to make this work again (except disable verification
completely which is not what I want).
Any ideas what I need to do to make this work again?
Thanks
Samuel
More information about the openssl-users
mailing list