Otmi Dror wrote:
>
> Ignore this error in your verification callback function the same way the
> function 'cb' of apps/verify.c does.
>
> Dror
Won't this approach cause our application to accept certificates
that should be rejected? For example, certificates used for signing
other certificates, but which have a Key Usage extension without the
'Certificate Sign' bit set.
--
Michael Playle, Software Engineer, ANT Ltd.
phone +44 1223 716418 - fax +44 1223 716401
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
