These tests are meant to fail. Specifically, they check the proxy certificate proofs -- in order to verify that the proof mechanism hasn't regressed to some prior state, every possibility must be checked during the tests. This means that things that are supposed to succeed are tested to succeed, and things that are supposed to fail are tested to fail.
The "ERROR in CLIENT" lines are useful for debugging when things don't match what they're supposed to do. However, the "Proxy rights check with condition 'C' proved invalid" is the appropriate line to look at, since it is the actual high-level result of the test. -Kyle H On Tue, Sep 30, 2008 at 11:18 PM, Gayathri Manoj <[EMAIL PROTECTED]> wrote: > Hi All, > > > > Regarding openssl self test failure: > > > > I have executed the test available in the test folder. Some tests failed. > Why these test failing. Is any need to include any files related to > certificate.? > > > > Sample output: > > server authentication > > Initial proxy rights = A > > depth=2 /C=AU/O=Dodgy Brothers/CN=Dodgy CA > > depth=1 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2 > > depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1 > > Certificate proxy rights = AB, resulting proxy rights = A > > Proxy rights check with condition 'C' proved invalid > > ERROR in CLIENT > > 727:error:1407E086:SSL routines:SSL2_SET_CERTIFICATE:certificate verify > failed:s2_clnt.c:1049: > > > > Why this test case failed? > > > > Thanks in advance. > > > > > > Regards, > > Gayathri. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]