> > Won't this approach cause our application to accept certificates > that should be rejected? It would if you just ignore it. But you could do some extra checks in your verification callback when it is invoked with X509_V_ERR_INVALID_CA and then decide if to accept the certificate or not. Dror ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
- Spurious X509_V_ERR_INVALID_CA errors from 0.9.5a? Michael Playle
- Re: Spurious X509_V_ERR_INVALID_CA errors from 0.9.5a? Dr S N Henson
- Re: Spurious X509_V_ERR_INVALID_CA errors from 0.9... Michael Playle
- Re: Spurious X509_V_ERR_INVALID_CA errors from 0.9.5a? Otmi Dror
- Re: Spurious X509_V_ERR_INVALID_CA errors from 0.9... Michael Playle
- Dror
