I would expect such constraints to only apply when
certificates are
being *verified*. There seems to be little point in preventing
a CA
from attempting to sign violating certificates.
Yes I later tried to "verify" and I still got no complaints.
Does OpenSSL trust chain validation include any checks on name
constraints?
If there is an additional step that i need to apply for this verification to
happen then i don't know that and I'd appreciate if you detailing that please.
thanks.
This email contains Morega Systems Inc. Privileged and Confidential information.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
