
OpenSSL Ignore Self-signed certificate error


By default OpenSSL walks the certificate chain and tries to verify on each step. SSL_set_verify() does not change that; see the man page. Quoting it:

The actual verification procedure is performed either using the built-in verification procedure or using another application provided verification function set with SSL_CTX_set_cert_verify_callback(3).

So the solution is to create a simple callback and set that one, so that you override all certificate-chain walking:

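static int always_true_callback(X509_STORE_CTX *ctx, void *arg)
{
    return 1;  /* report success for every chain, without verifying it */
}

/* The third argument is passed to the callback as `arg`. */
SSL_CTX_set_cert_verify_callback(CTX, always_true_callback, NULL);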


Have you tried giving your app the server's CA certificate so that your app can verify the certificate chain?


Check these OpenSSL Examples: http://www.rtfm.com/openssl-examples/

The wclient.c connects to any https page, for example:

wclient -h www.yahoo.com -p 443

If you run that with the default installation, you'll get a certificate error (you can use the -i flag to bypass the certificate check though).

To verify the certificate, you'll need to download the CA certificates (Verisign, Thawte, Equifax, etc.), so google the file cacert.pem, download it and rename it to root.pem, and you'll be able to connect to a web server and validate its certificate.