> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Tuesday, 14 August, 2012 08:09 <snip> > > if your self-signed cert has a KeyUsage extension that does > > not include certSign, > > OpenSSL skips it for chain-building, resulting in verify 20. > > Looks like the latter to me. Please look below and tell me if > you don't > agree. If so, I fear it is unsolvable, but it does not really > matter as the > Kiwi is just for testing and if I know why it is failing that > is almost as > good as it succeeding. <snip> > Certificate: <snip> > X509v3 extensions: > X509v3 Key Usage: > Key Encipherment, Data Encipherment
Yes, that's KeyUsage without certSign. Since problem-understood is sufficient for you in this situation, fine. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org