On Thu, Dec 6, 2012 at 2:16 AM, Ralph Holz <ralph-openssl-...@ralphholz.de> wrote:
> -CAfile file A file of trusted certificates. > > "The lookup first looks in the list of untrusted certificates and if no > match is found the remaining lookups are from the trusted certificates. > The root CA is always looked up in the trusted certificate list: if the > certificate to verify is a root certificate then an exact match must be > found in the trusted list." > > This has led me to believe -CAfile would cause openssl to ignore a > default path to certs. I am surprised CAPath is still evaluated if you > indicate a CAFile. However, as strace shows: I've attached a diff against HEAD for verify.pod. Is it any good?
verify.pod-HEAD.diff
Description: Binary data
