OpenSSL 1.0.2h on Windows (different versions). I have noticed the following behaviour:
1 Create a certificate file with two CA certificates, one for the server being connected to (server A) and one for another server (server B). 2 Whichever way the CA certificates are ordered the connect works OK. 3 Add a self-signed CA certificate in the file before the one for server A. The connect fails 'Verify return code: 21 (unable to verify the first certificate)'. 4 Move the self-signed CA certificate after the one for server A. The connect works OK. Why should the self-signed certificate affect the connection when the required CA certificate is in the certificate file? Is this a bug?
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users