First of all thank you Lutz for your help.
> The result at depth 0 says, that the certificate at level 0 is
consistently
> signed from its CA. The CA itself (at level 1) however failed verification
> for several reasons.
> The preverify_ok state only indicates whether the certificate at the
> actual depth passed or not. It does not say anything about other levels.
> As you have already seen, the overall result of the verification is
> CERT_UNTRUSTED, as at least one error occured.
I see, the preverify_ok value at depth 0 is 1. That means the peer cert was
passed. But the CA cert on level 1 wasn't passed because the preverify_ok
value at this depth is 0.
But what are the several reasons of the error at depth 0?
Confusing for me is the fact, that X509_STOR_CTX_GET_CURRENT_CERT at depth 1
is returning a cert though then preverify_ok value at this depth is 0
(wasn't passed).
How can I achieve the goal to proof without doubt that the server I'm
connected with is the one I've expected?
Maybe you can give me one more hint.
Regards,
Thomas
Thomas Geller [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]