Hi Bear,

> > Are there any additional steps necessary to verify the issuer
> > apart from the normal peer authentication and a string compare of
> > the issuer name?
>
> Just follow the certificate chain back to a trusted root. Anyone
> can forge a certificate chain, but they won't be able to get back
> to a trusted root.

I had assumed that this was automatically done by OpenSSL during the
initial handshake. Would not the client be rejected if the certificate
was not signed by the correct CA?

Cheers,
Mark
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]