I'm using 'openssl verify -CApath /something/cert CERT_TO_VERIFY' to
verify certificate chains.
I just found out that some certificates are positively verified even if
I do not provide the argument '-CApath /something/cert'. The root cause of
this behavior is the fact that openssl uses the certificates in
/etc/ssl/certs in order to look for certificates. Is it possible to
disable this lookup?
I already tried to set OPENSSL_CONF=/dev/null, but afterwards I found out
that it can only be used to specify an alternative location for
openssl.cnf, which is also weird to me. Do you know why 'openssl
verify' looks in /etc/ssl/openssl.cnf? I mean - what exactly does it try
to find in this file?

Kris


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
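
The fallback described in the post can be reproduced and switched off in isolation. The script below is an added example, not part of the original message or of the OpenSSL project. It assumes OpenSSL 1.1.0 or later (for `-no-CApath` and `-no-CAfile`; `-no-CAstore` is used only when the build offers it), uses the `SSL_CERT_DIR` environment variable to point the default directory at a constructed stand-in for /etc/ssl/certs, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example. Every certificate, name and path here is constructed for the demo.

# Build a throwaway root CA and a leaf signed by it under directory $1.
# $1/store stands in for the system default directory (/etc/ssl/certs).
make_demo_pki() {
    mkdir -p "$1/store" || return 1
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo Root
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$1/ca.key" -out "$1/store/ca.pem" 2>/dev/null || return 1
    openssl req -new -config "$1/req.cnf" -subj "/CN=leaf.example" -newkey rsa:2048 \
        -nodes -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/store/ca.pem" -CAkey "$1/ca.key" \
        -set_serial 2 -days 2 -out "$1/leaf.pem" 2>/dev/null || return 1
    # A hashed directory is searched by <subject_hash>.0 file names.
    ln -s ca.pem "$1/store/$(openssl x509 -in "$1/store/ca.pem" -noout -subject_hash).0"
}

# Options that disable the default locations other than the directory.
# -no-CAstore is added only when this build's `verify` lists it (OpenSSL 3.x).
isolation_flags() {
    flags="-no-CAfile"
    if openssl verify -help 2>&1 | grep -q -- '-no-CAstore'; then
        flags="$flags -no-CAstore"
    fi
    echo "$flags"
}

# Print "trusted" or "rejected" for the demo leaf.
# $1 = work directory, remaining arguments = extra `openssl verify` options.
verify_status() {
    dir=$1; shift
    if SSL_CERT_DIR="$dir/store" openssl verify "$@" "$dir/leaf.pem" >/dev/null 2>&1
    then echo trusted; else echo rejected; fi
}

# Usage (w is a scratch directory):
#   w=$(mktemp -d); make_demo_pki "$w"
#   verify_status "$w"                                        # default directory consulted
#   verify_status "$w" -no-CApath $(isolation_flags)          # no default location consulted
#   verify_status "$w" -CApath "$w/store" $(isolation_flags)  # only the named directory
```
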
