On Tue, Nov 02, 2010, Michael Strder wrote: > Michael Ströder wrote: > > man 1ssl verify says: > > > > "The third operation is to check the trust settings on the root CA. The root > > CA should be trusted for the supplied purpose. For compatibility with > > previous > > versions of SSLeay and OpenSSL a certificate with no trust settings is > > considered to be valid for all purposes." > > > > I wonder how certain trust settings can be set. How is it done? > > Hmm, found some comments in the "trusted" root CA certs shipped with my Linux > distribution. > > There are lines containing for example > > # alias=Entrust Root Certification Authority > # trust=server-auth > # openssl-trust=serverAuth > > Is this how trust meta data is added to certs? Is that documented anywhere? >
It is added with the 'x509' utility. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
