----- "Kārlis Repsons" <reps...@gmail.com> wrote: > Hello all, > > perhaps there is someone out there, who knows why openssl doesn't > seem > to look for certs in /etc/ssl/certs as indicated in openssl.cnf: > > [ ca ] > default_ca = CA_default # The default ca section > > [ CA_default ] > dir = /etc/ssl # Where everything is kept > certs = $dir/certs # Where the issued certs are > > > For example with s_client: if it's given -CApath /etc/ssl/certs, the > process is successful, otherwise it can't find the local > certificates... > > openssl s_client -CApath /etc/ssl/certs -connect paypal.com:443 > vs > openssl s_client -connect paypal.com:443
Actually, you will find that openssl s_client -CApath /zomg/wtf -connect paypal.com:443 Will give you the same result as a valid path. > There are also problems with various other programs, which can't do > verification... > > Any cure known? Something more to specify here? None of which I would know, or RT: http://rt.openssl.org/Ticket/Display.html?id=977&user=guest&pass=guest i -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
