More Issues with Openssl 1.0.0
My standard configurations of stunnel use the verify=2 option. With recent versions of stunnel and openssl-0.9.8 for Linux systems, I have capath = /capath and stunnel searches directory /capath relative to chroot for the certificates. Using the same configuration file and openssl-1.0.0, this directory is no longer being searched. Any ideas about how to specify the location of capath with openssl-1.0.0? Thanks, Carter -- Carter Browne CBCS cbrowne@cbcs-usa.com 781-721-2890
Carter Browne wrote:
My standard configurations of stunnel use the verify=2 option. With recent versions of stunnel and openssl-0.9.8 for Linux systems, I have capath = /capath and stunnel searches directory /capath relative to chroot for the certificates. Using the same configuration file and openssl-1.0.0, this directory is no longer being searched. Any ideas about how to specify the location of capath with openssl-1.0.0?
I quickly googled for the answer and found it here: http://www.mail-archive.com/openssl-dev@openssl.org/msg26634.html "Note that hash algorithm used for subject hashing is changed in OpenSSL 1.0, so all certificate stores have to be rehashed upon transition from 0.9.8 to 1.0.0." Mike
participants (2)
-
Carter Browne -
Michal Trojnara