Hi!
I wonder if this setup is somewhat undefined/underdefined behavior.
Andrus, if I understand correctly, you have
- two certificates (one client, one server _and_ CA)
- with the same(!) Subject, according to the logs
- one signed the other (so it's "self-signed")
- one is marked CA, one is not
I have no idea how OpenSSL or the RFCs resolve this situation. Do you
really intend to have the CA share the same Subject as the client?
No. It was mistake. You can close this bug report as invalid.
Andrus.