openssl 1.0 vs 1.1 s_client verify CA cert expiration

nate openssl at
Thu Sep 30 17:12:28 UTC 2021

On 2021-09-30 9:50, Matt Caswell wrote:
> See:

ok thanks!

That is interesting and explains some things. One more Q for you, this 
uses a custom CA certs file (so doesn't rely on the OS trusted).

Though it seems after further testing even when telling openssl s_client
to look at a specific CA file it looks at it, and also looks at the OS
stuff as well if there is a CA with the OS and not in the custom CA file
(which has about 113 CAs in it).

Not a big deal will all be fixed when they update the cert.

thanks again


More information about the openssl-users mailing list