SSL verification failure
Chris Adams
chris at improbable.org
Wed Nov 12 16:56:17 PST 2003
On Nov 12, 2003, at 16:46, Chris Adams wrote:
> On Nov 12, 2003, at 14:31, Andrew Malton wrote:
>> When I use OmniWeb (4.5 v496) to connect to the same HTTPS sites, I
>> get error #20 "unable to get local issuer certificate". I tried
>> enabling TLS and that made no difference.
>
> ls -l
> /Applications/Net/OmniWeb.app/Contents/PlugIns/HTTPS.plugin/Contents/
> Resources/
>
> I had to append our .pem file to MoreRootCerts.pem to make it work.
> I'm filing a request to have this either use X509Anchors and/or the
> user's keychain or at least the usual Library search path so we don't
> have to redo this after every upgrade. Even /System/Library/OpenSSL
> would be nice...
Spoke too soon - you just need the magic[1] name "cert.pem".
/System/Library/OpenSSL/cert.pem
With our CA key there Omniweb just works and you get all of the openssl
command-line tools working for free. Mutt S/MIME here we come...
Chris
[1] I say magic name because I ended up having to use ktrace to see
where openssl was looking. man openssl is definitely not oriented
towards people who aren't programmers writing crypto software. It'd be
nice if they had taken a page out of the last 30 years of Unix
experience and included either a FILES section or something in man5
about this...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2369 bytes
Desc: not available
Url : /mailman/archive/omniweb-l/attachments/20031112/a2976ce8/smime.bin
More information about the OmniWeb-l
mailing list