First, I recommend you not to hurry up :) Second, the validation procedures have changed between 1.0.2 and 1.1.1, 1.1.1 checks more strictly. E.g., a self-signed certificate without "CA:TRUE" will be treated as valid CA cert in 1.0.2 but not valid in 1.1.1
On Mon, Mar 2, 2020 at 12:01 PM shiva kumar <shivakumar2...@gmail.com> wrote: > Hi, > Please help me, is this an expected behavior? > > On Mon, Mar 2, 2020 at 1:48 PM shiva kumar <shivakumar2...@gmail.com> > wrote: > >> when I tried to verify the the self signed certificate in OpenSSL 1.0.2 >> it is giving error 18 and gives OK as o/p, when I tried the same with >> OpenSSL 1.1.1 there is slight change in the behavior it also gives the >> same error, but instead of OK it gives different error as "*ca.crt: >> verification failed*" as follows. >> >> >> >> *in OpenSSL 1.0.2* >> >> openssl verify ./ca.crt >> >> *error 18* at 0 depth lookup:self signed certificate >> >> *OK* >> >> >> *in OpenSSL 1.1.1 * >> >> openssl verify ./ca.crt >> >> *error 18* at 0 depth lookup:self signed certificate >> >> *error /tmp/1.1/conf/ssl.crt/ca.crt: verification failed* >> >> # echo $? >> >> 2 >> >> >> why I'm getting this error? is this an expected behavior in OpenSSL 1.1.1? >> >> Please answer my question. >> >> >> >> >> -- >> *With Best Regards* >> *Shivakumar S* >> > > > -- > *With Best Regards* > *Shivakumar S* > -- SY, Dmitry Belyavsky