Hi,

In message <_A3724@delegate-en.ML_> on 04/26/07(21:38:52)
you prqhabdyi-mykgh42yj6tw.ml@delegate.org wrote:
 |I would like to get a confirmation if the option [-CApath dir] is not working, while trying to do client authentication.
 |
 |The option [-CAfile file] works like a charm
 |
 |./delegated -P2121 SERVER=ftp://localhost:7133 STLS="fcl,sslway -cert /home/ssl/vsftpd.pem -Vrfy -CApath /home/ca/client_cert/" RES_WAIT=0 -v
 |
 |The connection can't be established, seems the client's certificate can't be authenticated. I have the feeling that the directory is not being sent correctly, since I can do client auth with -CAfile option
 |
 |./delegated -P2121 SERVER=ftp://localhost:7133 STLS="fcl,sslway -cert /home/ssl/vsftpd.pem -Vrfy -CAfile /home/ca/client_cert/18c82eb5" RES_WAIT=0 -v

You need to name the hashed file as "18c82eb5.0" to use it with -CApath,
and nowadays it's recommended to make it automatically with the
"c_rehash" command.

See <URL:http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html>

Cheers,
Yutaka
--
  9 9   Yutaka Sato <pfqcabdyi-mykgh42yj6tw.ml@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
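
The naming rule from the reply above, as an added example that is not part of the original message or of DeleGate: a name-only audit of a -CApath directory that reports which entries an OpenSSL hashed-directory lookup can reach. The function names and the sample directory are constructed for illustration, and the check assumes the 8-digit hash in each file name is the right one for the certificate it holds (c_rehash computes it).

```python
import os
import re
import tempfile

# OpenSSL finds CApath entries by file name only: <8 hex digits>.<n> for
# certificates and <8 hex digits>.r<n> for CRLs, with n counting up from 0.
HASHED = re.compile(r"^([0-9a-f]{8})\.(r?)(\d+)$")
BARE_HASH = re.compile(r"^[0-9a-f]{8}$")


def audit_capath(directory):
    """Classify each entry of a -CApath directory by whether a lookup can reach it."""
    names = sorted(os.listdir(directory))
    present = set(names)
    report = {"usable": [], "unreachable": [], "ignored": {}}
    for name in names:
        m = HASHED.match(name)
        if m:
            h, r, n = m.group(1), m.group(2), int(m.group(3))
            # The lookup tries .0, .1, ... and stops at the first missing one,
            # so every lower suffix has to exist for this file to be reached.
            if all(f"{h}.{r}{i}" in present for i in range(n)):
                report["usable"].append(name)
            else:
                report["unreachable"].append(name)
        elif BARE_HASH.match(name):
            # The case from the message: the hash is there, the suffix is not.
            n = 0
            while f"{name}.{n}" in present:
                n += 1
            report["ignored"][name] = f"rename or symlink to {name}.{n}"
        else:
            report["ignored"][name] = "not a hashed name; run c_rehash on the directory"
    return report


def demo():
    # Constructed directory; file contents are irrelevant to the name check.
    with tempfile.TemporaryDirectory() as d:
        for name in ("18c82eb5", "client-ca.pem", "0a1b2c3d.0", "0a1b2c3d.2"):
            open(os.path.join(d, name), "w").close()
        return audit_capath(d)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A CA file that lands in "ignored" or "unreachable" is never loaded for -Vrfy, so client certificates issued by it fail verification even though the same file works with -CAfile.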