I'm struggling with openssl since some days.
I've compiled openssl on an ARM device and when I run openssl s_client -connect google.com:443
the connection will fail with error 20: unable to get local issuer certificate
.
If I run that command specifying -CAfile /etc/ssl/certs/ca-certificates.crt
the connection will work and returns verify return code: 0 (ok)
.
Another test that I've done is to run the command with -CApath /etc/ssl/certs/
, in this case I will still got error 20
Since OPENSSLDIR is /usr/lib/ssl I've managed to link it to /etc/ssl/certs, now in the filesystem that directory looks like this:
ls -l /usr/lib/ssl
certs -> /etc/ssl/certs
I'm not figuring out what I'm missing and how to set the directory in which openssl has to look for certificates.
Has someone had a similar issue?
Best Answer
The directory specified in CApath must have a special structure. From OpenSSL docs
If I am not wrong, you could use a directory as CApath if: