Today, June 3, 2010, Victor Duchovni wrote:
> On Thu, Jun 03, 2010 at 02:32:10PM -0400, jeff wrote:
>
> > > I would expect such constraints to only apply when
> > > certificates are being *verified*. There seems to be
> > > little point in preventing a CA from attempting to sign
> > > violating certificates.
> >
> > Yes I later tried to "verify" and I still got no complaints.
>
> As I said, the "verify" command only checks the trust chain, peer name
> verification, is not in scope.

It could fail to validate the chain, given the fact that the extension is set critical, and not handled, even if recognized.

--
Erwann ABALEA <erwann.aba...@keynectis.com>
-----
When birds fly in the right formation, they need only exert half the
effort. Even in nature, teamwork results in collective laziness.
Demotivators, 2001 calendar
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org