Comment 5 for bug 1189444

I have changed the SSL_CTX_use_certificate_file() calls to SSL_CTX_use_certificate_chain_file(), but wasn't able to reproduce the failure you were seeing before the change was made.

If you generate the certificates using the gen.sh script in the attachment, but modify the line

cat test-signing-ca.crt test-inter-ca.crt test-root-ca.crt > all.crt

to

cat test-signing-ca.crt test-inter-ca.crt > all.crt

(i.e. no root certificate), then using "mosquitto -c cafile-ok.conf" matches the scenario you describe in comment #4. This doesn't result in verification failure for me. If you can describe how what you are doing is different, then I may be able to reproduce the problem.