Hi, I have a problem with verification of a certificate. I have temporary certificate signed from other certificate which is signed from my CA. I need to verify this temporary certificate. If I use openssl ver: OpenSSL 0.9.3a 29 May 1999, everything is ok. example: ./openssl verify -verbose -CApath ~holub/.globus /tmp/x509up_u11931 /tmp/x509up_u11931: OK But if I use the new version: OpenSSL 0.9.6 24 Sep 2000, the same command gives me an error: ./openssl verify -verbose -CApath ~holub/.globus /tmp/x509up_u11931 /tmp/x509up_u11931: /C=CZ/ST=Czech Republic/O=Masaryk University/OU=Institute of Computer Science/CN=Petr [EMAIL PROTECTED]/CN=proxy error 20 at 0 depth lookup:unable to get local issuer certificate I think, that the problem is in subject and issuer in my certificate. If I have run openssl with strace, I saw that the new version was looking for wrong "hash name" of the certificate. But why does the older version work, and the new one doesn't? I am appending subjects and issuers of my certificates. They are: in temporary cert: subject=/C=CZ/ST=Czech Republic/O=Masaryk University/OU=Institute of Computer Science/CN=Petr [EMAIL PROTECTED]/CN=proxy issuer= /C=CZ/ST=Czech Republic/O=Masaryk University/OU=Institute of Computer Science/CN=Petr [EMAIL PROTECTED] and in certificate with which is temporary signed: subject=/C=CZ/ST=Czech Republic/O=Masaryk University/OU=Institute of Computer Science/CN=Petr [EMAIL PROTECTED] issuer= /C=CZ/ST=Czech Republic/L=Brno/O=Masaryk University/OU=Institute of Computer Science/CN=Certification [EMAIL PROTECTED] and my CA: subject=/C=CZ/ST=Czech Republic/L=Brno/O=Masaryk University/OU=Institute of Computer Science/CN=Certification [EMAIL PROTECTED] issuer= /C=CZ/ST=Czech Republic/L=Brno/O=Masaryk University/OU=Institute of Computer Science/CN=Certification [EMAIL PROTECTED] Thanks for all suggestions, regards Petr Holub e-mail: [EMAIL PROTECTED] Web_page: http://www.fi.muni.cz/~holub Public_PGP_key: http://thetis.fi.muni.cz/noauth/pgp/show_pgp.cgi?user=holub ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]