Bug 340821

Summary:	openssl-1.0.0a-r3 does not verify root CAs
Product:	Gentoo Linux	Reporter:	Robert Wolf <r.wolf.gentoo>
Component:	Current packages	Assignee:	Gentoo Linux bug wranglers <bug-wranglers>
Status:	RESOLVED INVALID
Severity:	major
Priority:	High
Version:	unspecified
Hardware:	x86
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Robert Wolf 2010-10-13 08:45:13 UTC

Hallo,

I have root CAs in /etc/ssl/certs. This path is set in /etc/ssl/openssl.cnf, used by openssl command line tool. After upgrade openssl to version 1.0.0a-r3, openssl s_client and other programs using openssl lib (e.g. wget, alpine) ignores the settings from openssl.cnf and does not verify root CAs. My openssl.cnf is the same as for version 0.9.8.

========================================
[ ca ]
default_ca  = CA_default    # The default ca section
[ CA_default ]
dir   = /etc/ssl    # Where everything is kept
certs   = $dir/certs    # Where the issued certs are kept
========================================

Openssl reads the correct config file (if deleted, then openssl writes error file not found, if I write there some mess, then openssl writes an decoding error).

Could you help me, how to set CApath for command line s_client and for lib (for other programs)? Or is it bug?

Thank you very much for your help.

Regards,

Robert Wolf.

Comment 1 Robert Wolf 2010-10-13 08:53:03 UTC

Sorry, my problem.