
Bug 340821

Summary: openssl-1.0.0a-r3 does not verify root CAs
Product: Gentoo Linux
Reporter: Robert Wolf <r.wolf.gentoo>
Component: Current packages
Assignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED INVALID    
Severity: major    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Robert Wolf 2010-10-13 08:45:13 UTC
Hello,

I have root CAs in /etc/ssl/certs. This path is set in /etc/ssl/openssl.cnf, used by the openssl command line tool. After upgrading openssl to version 1.0.0a-r3, openssl s_client and other programs using the openssl lib (e.g. wget, alpine) ignore the settings from openssl.cnf and do not verify root CAs. My openssl.cnf is the same as for version 0.9.8.

========================================
[ ca ]
default_ca  = CA_default    # The default ca section
[ CA_default ]
dir   = /etc/ssl    # Where everything is kept
certs   = $dir/certs    # Where the issued certs are kept
========================================

Openssl reads the correct config file (if it is deleted, openssl writes a file-not-found error; if I write some mess there, openssl writes a decoding error).

Could you help me with how to set CApath for the command line s_client and for the lib (for other programs)? Or is it a bug?

Thank you very much for your help.

Regards,

Robert Wolf.

Comment 1 Robert Wolf 2010-10-13 08:53:03 UTC
Sorry, my problem.