From owner-freebsd-questions@freebsd.org Fri Dec 4 05:16:18 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2DB4AA401B3 for ; Fri, 4 Dec 2015 05:16:18 +0000 (UTC) (envelope-from oliver@schonrocks.com) Received: from smtp.schonrocks.com (smtp.schonrocks.com [89.187.108.85]) by mx1.freebsd.org (Postfix) with ESMTP id DFEFC1034 for ; Fri, 4 Dec 2015 05:16:17 +0000 (UTC) (envelope-from oliver@schonrocks.com) Received: from [192.168.40.60] (home.zaheer.org.uk [81.187.127.171]) by smtp.schonrocks.com (Postfix) with ESMTPA id 84592D7FC36 for ; Fri, 4 Dec 2015 05:16:20 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=schonrocks.com; s=default; t=1449206180; bh=6HeFWVAn8SQ6UoIFiMWkUJQimstqUH9AY4FCiOH9zC8=; h=Subject:To:References:From:Message-ID:Date:MIME-Version: In-Reply-To:Content-Type; b=P3MXhePZvoUXi94GtH1jZymYrrjdIQW/nU8GHsa4a2saszUZ3pwhcmgjNx+vxLxH2 9LUP22SI4BgRPx7+wjZtvkPE6H1kw5vJSEmBae4sfvr7M4dxj88M2uMBCmLGcfda1N cHIp4jo2uM5fcs8z50PlwNUIERw8ZM8AWum+8V6M= Subject: Re: openssl: verify error:num=20:unable to get local issuer certificate To: freebsd-questions@freebsd.org References: <565B2ACD.4030509@schonrocks.com> <565B3495.40005@schonrocks.com> From: Oliver Schonrock Message-ID: <56612199.2030402@schonrocks.com> Date: Fri, 4 Dec 2015 05:16:09 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <565B3495.40005@schonrocks.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="b771VtCpHqfxT1swegXKhnRFBiDKScdTf" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Dec 2015 05:16:18 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --b771VtCpHqfxT1swegXKhnRFBiDKScdTf Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 29/11/15 16:41, Oliver Schonrock wrote: > 2. there is something wrong with the openssl installation on that=20 > 10.1 machine. I have spent nearly a week trying to get to the bottom of this. In the end I installed a clean version of FreeBSD 10.1 to a virtual machine and tested that. Result: exactly the same as my production FreeBSD 10.1 machine. ie openssl refuses to verify that cert, no matter what CAfile and CApath setting I pass to it. So, rather than fight the tide, I swam with it and upgraded my production machine from 10.1 to 10.2 =3D> problem solved. For anyone reading this: openssl certificate chain verification in FreeBSD 10.1 seems to be "broken"..certainly is for me. 10.2 works perfectly. --b771VtCpHqfxT1swegXKhnRFBiDKScdTf Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWYSGZAAoJEF6SumULDx4Pb80H/2ny5LN38o5kSQgldyfrtiaG zALwlSmlBdhXS/XqlrZ9SeDloN0xs5+t4CaSZJvOOWTrXR/m53nfF+zzrHlASfNl 1zHPeugFPeg8uQnw08OcfWymTZbXiu/xYYqfUueVwjev5VulBpZ0IyGX08nD6ajU xJOF0IbaJ06m0zaYozGiHgcXeV+I0ic0J8IfToy0B4/kkRyiXsboUuwLlNRWJs/n 3r69epDwioswr6jvRTwCoWdeKE3oY5f2faJiEYd5lQWSvALLQkceFRmcv2uDirjY GApG0bT2p//XrmOc2AVnVYHFeRZhuOUac7qzZosz01Ciex1CyybIp4JhevRPmiM= =3V31 -----END PGP SIGNATURE----- --b771VtCpHqfxT1swegXKhnRFBiDKScdTf--