On Wed, 25 Nov 2015, Reiner Herrmann wrote:
By default OpenSSL only accepts connections if the full chain to the root
can be verified. If only an intermediate CA in the chain is trusted, setting
this flag also allows the connection when the root CA is not trusted. This
is also the default behavior for e.g. GnuTLS.
Hi again, let's bring this patch back to life.
What would you say about adding a bit to the CURLOPT_SSL_OPTIONS option to
allow an application to optionally switch off "partial trust chains" ?
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
