It is indeed. The reason load_verify_locations(ctx, 0, caPath) isn't working as expected, is because that method places requirements on how the certificate files in there are named.
When you run load_verify_locations(ctx, caFile, 0), all certificates are in caFile are loadad and added to your ctx immediately. No surprises there. Load_verify_locations(ctx, 0, caPath) on the other hand, just provides the ctx with a path from which to look up certificates on demand. No certificates are actually loaded into the ctx just by running this. Now, once your ctx needs to look up a certificate, in the case of the caPath call above, OpenSSL hashes the subject name of the certificate to look up and appends ".0" to that hash to generate a filename. It then attempts to open this file in caPath and add the contents to the ctx. So just having a file called "file.pem" in caPath isn't going to work, unfortunately, as OpenSSL will not be able to locate it. Please see my post yesterday for a quick run-down on how to rename your certificate without the c_rehash utility. Regards, //oscar Glenn wrote: > > Thanks for all the reply. One point to note is that my > path contain only one file/cert, say file.pem. And I > have verified that this cert works, using: > _load_verify_locations(ctx,"c:\\path\\file.pem",NULL). > However, _(ctx,NULL,"c:\\path\\") does not work. > > Do you think it is the rehash problem that you are > discussing? ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
