On Wednesday 22 October 2014 09:50:02 Magnus Thulstrup via RT wrote: > Hi. > I have problem to use the CA path to verify the certificate from the > server in my SSL client. > I used the command "openssl s_client -connect www.server.se:443 -CApath > /opt/etc/certs/ca_root" to verify my certificates. > The command works on an old openssl distribution: > OpenSSL 0.9.8j 07 Jan 2009 > > But fails on: > OpenSSL 1.0.1e 11 Feb 2013 > OpenSSL 1.0.1g 11 Apr 2014 > OpenSSL 1.0.1h 5 Jun 2014 > OpenSSL 1.0.2-beta2 22 Jul 2014 > > OS: Linux 3.0.101-0.8-default #1 SMP Fri Nov 1 12:51:09 UTC 2013 > (2417eb9) x86_64 x86_64 x86_64 GNU/Linux > > Error message is: Verify return code: 21 (unable to verify the first > certificate)
openssl since 1.0.0 uses different hash algorithm for the the CApath folders, you need to rehash the directory -- Regards, Hubert Kario ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
