that's the general direction i was slowly moving towards. i guess one question that i have is since i have to use my code to do the verification process anyhow, is there any advantage to even using the X509_verify_cert() call?
thanks once again. Lutz Jaenicke wrote: > > OpenSSL does not support "trusted" certificates that are not self signed > root CA certificates. It will always walk down the chain. > What could be done is to catch the mentioned error condition in the > callback and declare the certificate to be correct, there. > > It would take some extensions to the certificate verification code > to change the behaviour. I don't know how large the interest is > in such an extension. > > Best regards, > Lutz > -- > Lutz Jaenicke [EMAIL PROTECTED] > http://www.aet.TU-Cottbus.DE/personen/jaenicke/ > BTU Cottbus, Allgemeine Elektrotechnik > Universitaetsplatz 3-4, D-03044 Cottbus > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
