...
> ...
> > As part of modification of the mscapi (cryptoapi.c) file, I
> > try to cleanup the openssl usage. I don't have Windows
> > environment to test.
> >
> > I will be glad if users of this feature help me testing this.
...
> ...
> Sure, I could do it now but what are the test cases we are
> going to run? This is for the cryptoapicert feature? -Dave
>
OK, I'm not getting it. Educate me. I am using an existing and functional
server, and removed all the ca cert and key options in my config and
replaced them with:
cryptoapica
cryptoapicert "SUBJ:plexus"
Nevermind the second one -- I verified it works fine in isolation (i.e.
meaning having ca or <ca> makes it work finding the cert and key via capi).
That was mostly a 'using capi to do something at all' sanity check.
I imported my CA cert. I used the 'pick a sensible place' option. I
verified that it is located (according to the MMC snapin) at:
Certificates - Current User
Trusted Root Certification Authorities
Certificates
which does seem a sensible place.
Upon connect, I am getting the error:
Sat Oct 11 22:25:16 2008 VERIFY ERROR: depth=1, error=self signed
certificate in certificate chain:
/C=US/ST=TX/L=Cedar_Park/O=ziggurat29/CN=ziggurat29_CA/emailAddress=dev@zigg
urat29.com
Not sure what to say about that -- root CA certs are always self-signed, no?
For fun I also imported the server cert. It wound up at:
Certificates - Current User
Other People
Certificates
Didn't do any good there -- no surprise -- but I moved it over to the
trusted root CA and it did no good there either.
I'll be happy to give configs, logs, certs if it's useful.
-Dave
