This question should actually be posted to the openssl-users mailing list (openssl-dev is for the development of the OpenSSL library itself, not applications that use it).
The contents of the directory given to SSL_CTX_load_verify_locations must be specially named in order to be recognized - a random collection of files with an extension of .pem won't work. The OpenSSL distribution contains a Perl script called c_rehash to perform this naming function under Unix (I'm not sure how it would work under OS X). As an alternative, you can just concatenate all of the PEM-encoded CA certificates into a single file, and give the full path to that file. On Tuesday 17 August 2004 19:05, Jack Keel wrote: > Hi, > > I'm building a plugin to Squeak Smalltalk to allow calls to OpenSSL. > I'm using the O'Reilly book "Network Security with OpenSSL" examples to > help test my plugin. While testing, I discovered that > SSL_CTX_load_verify_locations with a path specified fails on OS X > whether from Squeak or from pure c. > > If I run the c example programs client3 and server3 programs, with a > null path specified and the rootcert.pem files in the execution > directory, SSL communication seems to work fine. Change Client3 to > specify another directory and it still works fine (however, it turns > out it is actually still looking in the execution directory). But > remove the .pem files from the execution directory and it can no longer > locate them and doesn't find the .pem files in the Path I specified in > the SSL_CTX_load_verify_locations call. Thinking Mac OS X paths may be > weird I tried "/", "OSX", and "OSX/" for the path - I had placed the > .pem files in the top directory "/" but "OSX" is my root volume. > > Since the client3 application works when the .pem are in the execution > directory, I placed the .pem files in the Squeak execution directory > (and also in the Squeak VM OS X package internal directory) but OpenSSL > couldn't find them. So I placed them in my home (~) directory and in > "/" but it can't find them there either. So as it stands, on OS X, I > can't refer to any path other than the execution path in c programs and > I can't get .pem files at all from Squeak. > > Any ideas? > > Thanks > Jack > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
