Lutz,
The syntax I am using for the Verify follows: openssl verify -CApath /etc/httpd/ssl.crt -CAfile /etc/httpd/ssl.crt/ca-bundle.crt -purpose sslserver -verbose ssl.crt/server.crt The version for OpenSSL is 0.9.6b The server version is Apache/1.3.20 (Linux/SuSE) The server.crt is a super-cert from Thawte which we have just recently purchased. Jim ----- Original Message ----- From: "Lutz Jaenicke via RT" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, July 29, 2002 8:10 AM Subject: Re: [openssl.org #168] Ticket Resolved > > On Mon, Jul 29, 2002 at 05:00:21PM +0200, Jim Beasley via RT wrote: > > I read all the material you suggested and get the following error when I run > > verify with the -issuer_checks: > > > > error 29 at 0 depth lookup:subject issuer mismatch > > > > without the -issuer_checks, there is no error. > > So you specify -CApath ... or -CAfile ... to specify the list of > trusted CAs (or specify the self signed certificate itself). > > > I am still puzzled, since I see error:19 (that was origianaly reported) as > > being an error when running openssl s_client from the commandline. Am I > > overlooking something here? > > So you do not give the same -CApath ... or -CAfile ... argument, do you? > -- > Lutz Jaenicke [EMAIL PROTECTED] > http://www.aet.TU-Cottbus.DE/personen/jaenicke/ > BTU Cottbus, Allgemeine Elektrotechnik > Universitaetsplatz 3-4, D-03044 Cottbus > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
