Hallo, I have root CAs in /etc/ssl/certs. This path is set in /etc/ssl/openssl.cnf, used by openssl command line tool. After upgrade openssl to version 1.0.0a-r3, openssl s_client and other programs using openssl lib (e.g. wget, alpine) ignores the settings from openssl.cnf and does not verify root CAs. My openssl.cnf is the same as for version 0.9.8. ======================================== [ ca ] default_ca = CA_default # The default ca section [ CA_default ] dir = /etc/ssl # Where everything is kept certs = $dir/certs # Where the issued certs are kept ======================================== Openssl reads the correct config file (if deleted, then openssl writes error file not found, if I write there some mess, then openssl writes an decoding error). Could you help me, how to set CApath for command line s_client and for lib (for other programs)? Or is it bug? Thank you very much for your help. Regards, Robert Wolf.
Sorry, my problem.