Am Fr, 22. Dez 2017, um 20:31, schrieb Sands, Daniel: > On Fri, 2017-12-22 at 11:14 +0100, Manuel Wagesreither wrote: > > Unfortunately this didn't work either. The end result is the same; > > OpenSSL still emits a "certificate signature failure" with an error > > depth of 0. > > > In light of what Salz said about verification, could we assume that the > openssl verify program that succeeded is based on the older library?
Thanks for your feedback! Actually it's the other way round. Validation succeeds with the *new* library (libssl.so.1.1), and fails with the *old* one (libssl.so.1.0.0). This is true with the openssl verify program as well: `openssl verify` succeeds for OpenSSL 1.1.0f, and fails for OpenSSL 1.0.1g. Hence, if at all, verification requirements must have been lowered in the new OpenSSL version. I'm just about to look for a list of criterias a certificate has to pass in order to validate successfully in the two OpenSSL versions. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
