Re: openssl verify fails

2010-11-09 Thread Bruce Stephens
Michael Ströder writes: > Bruce Stephens wrote: [...] >> Ah, my fault. Obvious in retrospect: Debian's openssl finds the root >> cert because it's in the ca-certificates package! > > Did you use -CAfile as in my original posting when testing? I did. > Doesn't -CAfile set exclusively all trus

Re: openssl verify fails

2010-11-09 Thread Victor Duchovni
On Tue, Nov 09, 2010 at 01:45:15PM +, Bruce Stephens wrote: > Michael Ströder writes: > > > Bruce Stephens wrote: > > [...] > > >> Ah, my fault. Obvious in retrospect: Debian's openssl finds the root > >> cert because it's in the ca-certificates package! > > > > Did you use -CAfile as in

Re: openssl verify fails

2010-11-09 Thread Michael Ströder
Bruce Stephens wrote: > Bruce Stephens writes: > >> "Dr. Stephen Henson" writes: >> >> [...] >> >>> Is that unmodified OpenSSL 0.9.8o? If so that's peculiar I get the expected >>> error here. >> >> No, it's Debian's 0.9.8o-2. > > Ah, my fault. Obvious in retrospect: Debian's openssl finds the

Re: openssl verify fails

2010-11-03 Thread Bruce Stephens
Bruce Stephens writes: > "Dr. Stephen Henson" writes: > > [...] > >> Is that unmodified OpenSSL 0.9.8o? If so that's peculiar I get the expected >> error here. > > No, it's Debian's 0.9.8o-2. Ah, my fault. Obvious in retrospect: Debian's openssl finds the root cert because it's in the ca-certi

Re: openssl verify fails

2010-11-03 Thread Bruce Stephens
"Dr. Stephen Henson" writes: [...] > Is that unmodified OpenSSL 0.9.8o? If so that's peculiar I get the expected > error here. No, it's Debian's 0.9.8o-2. [...]

Re: openssl verify fails

2010-11-03 Thread Michael Ströder
Bruce Stephens wrote: > Erik Tkal writes: > >> Maybe that's a bug in OpenSSL 0.9.8o? The docs for verify say "It is >> an error if the whole chain cannot be built up." > > Maybe, but I think it's just as reasonable to regard it as a bug in the > docs. > > I think it's useful for verify to be a

Re: openssl verify fails

2010-11-03 Thread Bruce Stephens
Erik Tkal writes: > Maybe that's a bug in OpenSSL 0.9.8o? The docs for verify say "It is > an error if the whole chain cannot be built up." Maybe, but I think it's just as reasonable to regard it as a bug in the docs. I think it's useful for verify to be able to verify chains from trust anchor

Re: openssl verify fails

2010-11-03 Thread Michael Ströder
Erik Tkal wrote: > Your "rootcacert" is not a root cert, as it was issued by "C=US, ST=UT, > L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, > CN=UTN-USERFirst-Client Authentication and Email". You need to append that > cert as well to your CAfile. Shouldn't it be possible

Re: openssl verify fails

2010-11-03 Thread Dr. Stephen Henson
On Wed, Nov 03, 2010, Bruce Stephens wrote: > Erik Tkal writes: > > > Hi Michael, > > > > Your "rootcacert" is not a root cert, as it was issued by "C=US, > > ST=UT, L=Salt Lake City, O=The USERTRUST Network, > > OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication > > and Email".

RE: openssl verify fails

2010-11-03 Thread Erik Tkal
wner-openssl-us...@openssl.org] On Behalf Of Bruce Stephens Sent: Wednesday, November 03, 2010 12:59 PM To: openssl-users@openssl.org Subject: Re: openssl verify fails Erik Tkal writes: > Hi Michael, > > Your "rootcacert" is not a root cert, as it was issued by "C=US, >

Re: openssl verify fails

2010-11-03 Thread Bruce Stephens
Erik Tkal writes: > Hi Michael, > > Your "rootcacert" is not a root cert, as it was issued by "C=US, > ST=UT, L=Salt Lake City, O=The USERTRUST Network, > OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication > and Email". You need to append that cert as well to your CAfile. That

RE: openssl verify fails

2010-11-03 Thread Erik Tkal
Hi Michael, Your "rootcacert" is not a root cert, as it was issued by "C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication and Email". You need to append that cert as well to your CAfile. Erik