On 05/22/2012 04:31 PM, Thorsten Glaser wrote: > On Tue, 22 May 2012, Nikos Mavrogiannopoulos wrote: > >> Shouldn't you specify the auto-generated ca in --x509cafile? > > It’s part of those 409 certificates (cf. openssl s_client > succeeding to validate it). Could you send those two certificates to reproduce the issue?