openssl default CA location

colinzhengj · 2007-03-25 02:58:58

Was quite frustrated over openssl. With

  openssl s_client -connect smtp.gmail.com:587 -starttls smtp

I always get a failure: Verify return code: 21 (unable to verify the first certificate)
But with

openssl s_client -connect smtp.gmail.com:587 -starttls smtp -CAfile /etc/ssl/cacert.pem

authentication passes. In my openssl.cnf, I have:

dir             = /etc/ssl              # Where everything is kept
certs           = $dir/certs            # Where the issued certs are kept
crl_dir         = $dir/crl              # Where the issued crl are kept
database        = $dir/index.txt        # database index file.
#unique_subject = no                    # Set to 'no' to allow creation of
                                        # several ctificates with same subject.
new_certs_dir   = $dir/newcerts         # default place for new certs.

certificate     = $dir/cacert.pem       # The CA certificate

I have made a link to my CA file ( /etc/ssl/cacert.pem ) under ~/.authenticate. It did not help.

Will really appreciate some help here

colinzhengj · 2007-03-25 03:00:53

Without -CAfile option, openssl s_client should try to locate the default CA.
My real problem is not being able to use esmtp to connect over SSL...

Arch Linux

#1 2007-03-25 02:58:58

openssl default CA location

#2 2007-03-25 03:00:53

Re: openssl default CA location

Board footer