Michael Ströder wrote: > man 1ssl verify says: > > "The third operation is to check the trust settings on the root CA. The root > CA should be trusted for the supplied purpose. For compatibility with previous > versions of SSLeay and OpenSSL a certificate with no trust settings is > considered to be valid for all purposes." > > I wonder how certain trust settings can be set. How is it done?
Hmm, found some comments in the "trusted" root CA certs shipped with my Linux distribution. There are lines containing for example # alias=Entrust Root Certification Authority # trust=server-auth # openssl-trust=serverAuth Is this how trust meta data is added to certs? Is that documented anywhere? Ciao, Michael. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
