On Feb 4, 2011, at 2:08 PM, Kārlis Repsons wrote: > perhaps there is someone out there, who knows why openssl doesn't seem > to look for certs in /etc/ssl/certs as indicated in openssl.cnf: > > [ ca ] > default_ca = CA_default # The default ca section > > [ CA_default ] > dir = /etc/ssl # Where everything is kept > certs = $dir/certs # Where the issued certs are
I may be wrong ... but I think the [ ca ] and [ CA_default ] sections only apply to the openssl ca command, not to arbitrary SSL connections. I think the certs dir is hardcoded at compile time (X509_CERT_DIR in crypto/cryptlib.h) or is read from the $SSL_CERT_DIR environment variable. "openssl version -d" will tell you the directory. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
