How to find out the path for OpenSSL trusted certificates?

醉梦人生 2020-12-29 06:16

How can I find out where my installed OpenSSL is looking for installed (trusted) certificates? It is sometimes /etc/ssl/cert, but I have a new system here and it does not work.

4 answers
  •  执念已碎
    2020-12-29 07:03

    How can I find out, where my openssl installed is looking for installed certificates (trusted)?

    You can't. OpenSSL trusts nothing by default, and it does not go looking for certs. You have to instruct it what to trust. There's even a FAQ topic covering it: Why does fail with a certificate verify error?:

    This problem is usually indicated by log messages saying something like "unable to get local issuer certificate" or "self signed certificate". When a certificate is verified its root CA must be "trusted" by OpenSSL this typically means that the CA certificate must be placed in a directory or file and the relevant program configured to read it. The OpenSSL program 'verify' behaves in a similar way and issues similar error messages: check the verify(1) program manual page for more information.


    Caf's answer is kind of correct, but OpenSSL does not use it and there's nothing there...

    $ grep -R X509_get_default_cert_dir *
    ...
    crypto/x509/x509_def.c:const char *X509_get_default_cert_dir(void)
    ...
    

    In the above, notice it does not hit on anything in the apps/ directory. apps/ is where all the OpenSSL samples and utilities are, like openssl req, openssl rsa, openssl dsa, openssl x509, openssl sign, openssl verify, etc.

    Then:

    $ cat crypto/x509/x509_def.c
    ...
    const char *X509_get_default_cert_dir(void)
        { return(X509_CERT_DIR); }
    ...
    
    $ grep -R X509_CERT_DIR *
    crypto/cryptlib.h:#define X509_CERT_DIR     OPENSSLDIR "/certs"
    

    And finally:

    $ ls /usr/local/ssl/certs/
    $
    

    Like I said, it's not used and there's nothing there.
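
Added example, not part of the answer above and not OpenSSL's own code: a POSIX shell script that takes OPENSSLDIR from `openssl version -d`, derives the compiled-in `certs` directory shown in the `x509_def.c` listing, and counts the hash-named entries in it. The function names are made up for this example; the `cert.pem` default file and the `SSL_CERT_DIR` / `SSL_CERT_FILE` overrides come from OpenSSL itself rather than from this page.

```shell
#!/bin/sh
# Added example: report this openssl build's default trust locations.

# Extract the path from the line `openssl version -d` prints,
# e.g.  OPENSSLDIR: "/usr/local/ssl"
openssldir_from_version() {
    printf '%s\n' "$1" | sed -n 's/^OPENSSLDIR: *"\(.*\)"$/\1/p'
}

# Default directory is OPENSSLDIR "/certs" (X509_CERT_DIR in the listing above).
# The SSL_CERT_DIR environment variable overrides it (':'-separated list).
effective_cert_dir() {
    if [ -n "${SSL_CERT_DIR:-}" ]; then printf '%s\n' "$SSL_CERT_DIR"
    else printf '%s/certs\n' "$1"; fi
}

# Default bundle file is OPENSSLDIR "/cert.pem"; SSL_CERT_FILE overrides it.
effective_cert_file() {
    if [ -n "${SSL_CERT_FILE:-}" ]; then printf '%s\n' "$SSL_CERT_FILE"
    else printf '%s/cert.pem\n' "$1"; fi
}

# Directory lookups match files named <8 hex digits>.<n> (subject-hash names),
# so a directory holding only ca.pem-style names behaves like an empty one.
count_hashed_entries() {
    n=0
    for f in "$1"/*; do
        case "${f##*/}" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                if [ -e "$f" ]; then n=$((n + 1)); fi ;;
        esac
    done
    printf '%s\n' "$n"
}

if command -v openssl >/dev/null 2>&1; then
    base=$(openssldir_from_version "$(openssl version -d)")
    echo "OPENSSLDIR: $base"
    old_ifs=$IFS; IFS=:
    for d in $(effective_cert_dir "$base"); do
        echo "cert dir:   $d ($(count_hashed_entries "$d") hash-named entries)"
    done
    IFS=$old_ifs
    file=$(effective_cert_file "$base")
    if [ -f "$file" ]; then echo "cert file:  $file (present)"
    else echo "cert file:  $file (missing)"; fi
fi
```

A count of 0 together with a missing file matches the empty `ls` output in the answer: that build has no default trust anchors installed.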
