Questions Regarding Openssl versions 0.9.8r and OpenSSL 0.9.8e-fips-rhel5
Hello All, I am Govind and I am currently working on a project, a part of which involves validating certificates. I do have a cacert.pem file to check against and I tried to verify using the openssl s_client command as below. * openssl s_client -verify 100 -CAfile cacert.pem -showcerts -CApath ./ -connect facebook.com:443* This succeds with a return code of 0(ok) in 0.9.8e-fips-rhel5. However the production machine of my organization recently had to upgrade to openssl version 0.9.8r and when I try to execute it for the same cacert.pem file, the same command returns *"Verify return code: 27 (certificate not trusted) *". And if the verify option is not given it returns an error code*"verify error:num=20:unable to get local issuer certificate" *. I do not know the reasons for this and I would love to know if there were any substantial changes that caused this. Also I would greatly appreciate if you can provide me with an insight of how to go about with this problem since I am very new to openssl and open source programming in general. Regards Govind
Re: Questions Regarding Openssl versions 0.9.8r and OpenSSL 0.9.8e-fips-rhel5
Hi All, I am Govind and I am currently working on a project, a part of which involves validating certificates. I do have a cacert.pem file to check against and I tried to verify using the openssl s_client command as below. * openssl s_client -verify 100 -CAfile cacert.pem -showcerts -CApath ./ -connect facebook.com:443* This succeds with a return code of 0(ok) in 0.9.8e-fips-rhel5. However the production machine of my organization recently had to upgrade to openssl version 0.9.8r and when I try to execute it for the same cacert.pem file, the same command returns *"Verify return code: 27 (certificate not trusted) *". And if the verify option is not given it returns an error code*"verify error:num=20:unable to get local issuer certificate" *. I do not know the reasons for this and I would love to know if there were any substantial changes that caused this. Also I would greatly appreciate if you can provide me with an insight of how to go about with this problem since I am very new to openssl and open source programming in general. Regards Govind