Hi Dave,
>>But even with that done/fixed in my test environment I DO get
>>verify error 24 invalid CA cert depth 1 (my only intermediate).
>>Is that what you're getting? If so, it looks like maybe the
>>'purpose' checks have been made stricter since the last time
>>I did this in test, where I have
Accidentally sent privately, copying to list for anyone else interested
> From: Dave Thompson [mailto:dthomp...@prinpay.com]
> Sent: Friday, 02 December, 2011 17:47
> To: 'Ashok C'
> Subject: RE: Usage of CAPath/CAFile options in int
> SSL_CTX_load_verify_locations Reg.
Hi Dave,
Keeping the things you have mentioned in mind, this is how it goes.
In server side, EE key is loaded using
SSL_CTX_use_RSAPrivateKey_file(ctx,eekeyfile,SSL_FILETYPE_PEM);
EE certificate is loaded using SSL_CTX_use_certificate_file(ctx,
eepemfile,SSL_FILETYPE_PEM);
And the intermediate cer
> From: owner-openssl-us...@openssl.org On Behalf Of Ashok C
> Sent: Wednesday, 30 November, 2011 00:51
> Some more followup questions here:
> In case of a server application, it is expected to send
> > the intermediate certificates to the client. And in this case,
Hi Dave,
Thanks for the reply.
Some more followup questions here:
In case of a server application, it is expected to send
> the intermediate certificates to the client. And in this case,
> is this API -- SSL_CTX_load_verify_locations(
) sufficient to be used?
> Or is there a separate API to send
> From: owner-openssl-us...@openssl.org On Behalf Of Ashok C
> Sent: Monday, 28 November, 2011 00:35
> One more question here:
> In case of a server application, it is expected to send
> the intermediate certificates to the client. And in this case,
> is this API -- SSL_C
the client?
P.S. My previous query also is unanswered. It would be great if I get some
responses to that also ;)
Regds,
Ashok
-- Forwarded message --
From: Ashok C
Date: Wed, Nov 23, 2011 at 12:55 PM
Subject: Usage of CAPath/CAFile options in int
SSL_CTX_load_verify_locations Reg
Hi,
We are implementing multi-layer support for our openssl-based PKI solution
and had the following query:
Currently our PKI solution supports only single layer CA support and we use
SSL_CTX_load_verify_locations API with the CAFile option, meaning that the
service loads the CA certificate from