> A Wireshark trace reveals that the client shuts down the handshake > connection with the reason ‘Unknown CA’.
> So if the client knows that the cert is self-signed as indicated by the debug > logs, why would it issue the above reason for failure when it doesn’t need to > know the CA? You still have to add the CA to your local trust store. Otherwise, you'd blindly accept *every* self-signed certificate, right? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users