Using default CA path from openssl

Michal Cichra michal at
Thu Sep 11 14:17:27 UTC 2014

Yes, the s_client and s_server core is …
There are even bugs filled

But this is different. The SSL_CTX_set_default_verify_paths does not have a bug, 
but the usage of it is wrong.


On 11 Sep 2014, at 05:14, Philipp <e1c1bac6253dc54a1e89ddc046585792 at> wrote:

> Am 11.09.2014 00:56 schrieb Michal Cichra:
>> What I propose is a configuration flag, to set
>> `SSL_CTX_set_default_verify_paths`.
> Careful what you wish for..
> I didnt check the surrounding code, but above call and CAfile/CApath sets (if cmd-line or via API wont matter)
> has "funny" error conditions; see this post and the thread:
> Just a 2ct heads up.
> _______________________________________________
> nginx mailing list
> nginx at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list