Hi Adriana ,
Adriana Rodean wrote:
> Hi all,
>
> We patched it on cygwin and got executables to run, but when I try to
> connect to server I got the following from client:
>
>
>
> Debug3: ssh_x509cert_check: for ?c=ME,ST=ME,L=ME,O=Internet Widgits Pty Ltd?
>
> ssh_x509store_cb: subject=?c=ME,ST=ME,L=ME,O=Internet Widgits Pty Ltd?, error
>
> 20 at 0 depth lookup:unable to get local issuer certificate
>
> Ssh_verify_cert: verify error, code=20, msg=? unable to get local
> issuer certificate?
>
> I run executable under Windows with cygwin dlls in same folder.
>
> Thank you,
> Adriana.
To verify server certificate you need "trust certificate chain".
See ssh_config manual page for "x509_store" optionslike
CACertificateFile and CACertificatePath and also UserCACertificateFile
and UserCACertificatePath.
You could check openssh x509 store with openssl command:
$ openssl --verify [-CApath directory] [-CAfile file] certificate
In you case openssl arguments -CApath -CAfile correspond to openssh
config options {|User}CACertificatePath {|User}CACertificateFile and
certificate is you server certificate.
Adriana Rodean wrote:
> Hi all,
>
> We patched it on cygwin and got executables to run, but when I try to
> connect to server I got the following from client:
>
>
>
> Debug3: ssh_x509cert_check: for ?c=ME,ST=ME,L=ME,O=Internet Widgits Pty Ltd?
>
> ssh_x509store_cb: subject=?c=ME,ST=ME,L=ME,O=Internet Widgits Pty Ltd?, error
>
> 20 at 0 depth lookup:unable to get local issuer certificate
>
> Ssh_verify_cert: verify error, code=20, msg=? unable to get local
> issuer certificate?
>
> I run executable under Windows with cygwin dlls in same folder.
>
> Thank you,
> Adriana.
To verify server certificate you need "trust certificate chain".
See ssh_config manual page for "x509_store" optionslike
CACertificateFile and CACertificatePath and also UserCACertificateFile
and UserCACertificatePath.
You could check openssh x509 store with openssl command:
$ openssl --verify [-CApath directory] [-CAfile file] certificate
In you case openssl arguments -CApath -CAfile correspond to openssh
config options {|User}CACertificatePath {|User}CACertificateFile and
certificate is you server certificate.
Roumen
[ reply ]