Hi Bear,

> As I said, just remember to use some intelligence. Verify the
> issuer, be prepared for the case where a clueless CA issues the
> same serial number (which is definitely an error, but how will you
> handle it?), etc.

Are there any additional steps necessary for verifying the issuer apart from the normal peer authentication and a string compare of the issuer name? I guess I'll use the subject hash value as an additional check to the serial number.

Cheers,
Mark
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]