From: Dr Stephen Henson <[EMAIL PROTECTED]>

drh> Richard Levitte - VMS Whacker wrote:
drh> > Personally, I've no problem with those defaults as they are, and the
drh> > X509_get_default_*() functions are designed to give the library-
drh> > specific defaults.  What I do have a problem with is the way
drh> > get_cert_chain() in pkcs12.c is designed, as it takes no external
drh> > input whatsoever except for the cert to be exported.
drh> > 
drh> > Steve, since you've made this thingy, perhaps you can tell us the
drh> > reason for the current design, if there is any?
drh> > 
drh> 
drh> Yes there isn't any ;-) 

I kind of guessed that :-).

drh> Actually the -chain option doesn't do anything special other than
drh> automatically add the correct certificate chain, the same functionality
drh> can be obtained with the -certfile option if you manually work out the
drh> chain.

Actually, I also tried the combination -certfile and -chain, because I
was originally thinking that the cert file would actually get used in
building the chain, that is, openssl would pick out whatever it needed
from that file to build the chain...

drh> I suppose it would be better if it included standard -CAfile and
drh> -CApath arguments.

That would probably help a bit...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
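
Added example, not part of the original message and not OpenSSL project code: the "manually work out the chain" route with -certfile discussed above, picking only the needed issuers out of a mixed bag of certificates. It assumes an `openssl` command-line tool on the PATH; all names, passwords and file paths are constructed, and `build_chain` is a hypothetical helper.

```shell
#!/bin/sh
# Added example; every name, password and path below is constructed.
set -e

issue() {  # issue OUT_PREFIX CN CA_PREFIX: key + cert signed by CA_PREFIX
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
    -CAcreateserial -out "$1.pem" -days 1 2>/dev/null
}

mk_pki() {  # mk_pki DIR: root -> int -> leaf, plus an unrelated self-signed cert
  for n in root other; do
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Constructed $n" \
      -keyout "$1/$n.key" -out "$1/$n.pem" -days 1 2>/dev/null
  done
  issue "$1/int" "Constructed intermediate" "$1/root"
  issue "$1/leaf" "leaf.example" "$1/int"
}

# build_chain LEAF BAG...: print LEAF's issuers in order, picked from BAG.
# Matches issuer name to subject name only; it does not check signatures.
build_chain() {
  cur=$1; shift
  while :; do
    want=$(openssl x509 -noout -issuer_hash -in "$cur")
    if [ "$want" = "$(openssl x509 -noout -subject_hash -in "$cur")" ]; then
      return 0  # self-signed: top of the chain
    fi
    next=
    for c in "$@"; do
      if [ "$(openssl x509 -noout -subject_hash -in "$c")" = "$want" ]; then
        next=$c; break
      fi
    done
    [ -n "$next" ] || { echo "no issuer for $cur in bag" >&2; return 1; }
    cat "$next"; cur=$next
  done
}

export_p12() {  # export_p12 DIR: write DIR/leaf.p12, print how many certs it holds
  build_chain "$1/leaf.pem" "$1/other.pem" "$1/root.pem" "$1/int.pem" > "$1/chain.pem"
  openssl pkcs12 -export -inkey "$1/leaf.key" -in "$1/leaf.pem" \
    -certfile "$1/chain.pem" -passout pass:constructed -out "$1/leaf.p12"
  openssl pkcs12 -in "$1/leaf.p12" -passin pass:constructed -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

d=$(mktemp -d)
mk_pki "$d"
echo "certificates in PKCS#12: $(export_p12 "$d")"
```

Because -certfile adds whatever it is given, the unrelated certificate stays out of the archive only because the chain was filtered first.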
