On Fri, 2018-11-30 at 23:55 +0000, Michael Wojcik wrote: > > "Self-signed certificate in certificate chain" does not to me > > > convey "No > > > certificate hash links" (or "CA certificate not found in hash > > > links"). > > > Viktor's points are all good ones, but considering how often this > particular message causes confusion for users and developers (at > least in my experience), I wonder whether changing the text to > "Untrusted self-signed certificate in certificate chain" would help. > That would suggest to the user that the problem might be an issue > with the trust store. > My .02: The message "Self-signed certificate in certificate chain" does make it sound like OpenSSL rejected the certificate precisely because it's self signed, and not because it's an untrusted root certificate. I would suggest a less misleading reason, at least. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath
Sands, Daniel via openssl-users Fri, 30 Nov 2018 16:39:02 -0800
- [openssl-users] Self-signed error when usi... Charles Mills
- Re: [openssl-users] Self-signed error... Viktor Dukhovni
- Re: [openssl-users] Self-signed e... Charles Mills
- Re: [openssl-users] Self-sign... Viktor Dukhovni
- Re: [openssl-users] Self-... Michael Wojcik
- Re: [openssl-users] ... Sands, Daniel via openssl-users
- Re: [openssl-use... Viktor Dukhovni
- Re: [openssl... Michael Wojcik
- Re: [openssl... Viktor Dukhovni
- Re: [openssl... Michael Wojcik
- Re: [openssl... Charles Mills
- Re: [openssl... Michael Wojcik
- Re: [openssl... Charles Mills
- Re: [openssl... Sands, Daniel via openssl-users
- Re: [openssl... Viktor Dukhovni
- Re: [openssl... Jakob Bohm via openssl-users