• I have a 2nd outbound proxy that all web browsing traffic passes through, but it isn't set to do SSL scanning so shouldn't be messing with the SSL connection - and again this works with most sites.
  • 17 msg: how to extract signature from public key using. 1 msg: SHA-1 of Subject Name: 3 msg: Rehandshake in tls1: 7 msg: Private Key problem: 1 msg: OpenSSL 0.9.7m and 0.9.8e 64bit compile on AIX.
Hi all,
I try to check a server's certificate on the client like this, using an
operating system whose name contains an 'o':
GC_SSL_Error retVal = GC_SSL_NO_ERROR;
X509* x509cert = SSL_get_peer_certificate(m_ssl_p);
if (x509cert != NULL)
//load cert
if(1 != SSL_CTX_load_verify_locations(m_ctx_p,
'C:opensslcertsthawteCp.pem', NULL)) retVal = GC_SSL_CERT_LOAD_ERROR;
else {
// check cert
long certVerifyResult = SSL_get_verify_result(m_ssl_p);
// the only successful return code is X509_V_OK = 0
if((certVerifyResult != X509_V_OK) && (GC_SSL_NO_ERROR
retVal)) retVal = GC_SSL_CERT_VALID_ERROR;
else retVal = GC_SSL_NO_PEER_CERT;
The problem is, that I receive always the retrun value '20'
function SSL_CTX_load_verify_locations.
The certificate thawteCp.pem is located in the given path, the
certificate itself has been delivered by the openssl installation.
I really cannot imagine, what the problem is. Maybe anybody could give
me a hint?.
Thank you and bye
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]

hi all,


when im trying to go on a web page, squid cant connect and gives me an error page -


The system returned:

(71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)

TLS/SSL and crypto library. Contribute to openssl/openssl development by creating an account on GitHub. I am trying to get peer-authentication working using X509 certs/M2Crypto.SSL I generate a root CA (issuer & subject = cahostC) on the client (hostC) I sign the client cert locally with this CA.

SSL Certficate error: certificate issuer (CA) not known: /C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority X3

This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.


does anyone know what the problem is

X509_v_err_unable_to_get_issuer_cert_locally openssl信頼された機関から発行された証明書ではありません(x509_v_err_unable_to_get_issuer_cert_locally)

X509_v_err_unable_to_get_issuer_cert_locally Openssl