On Mon, Mar 04, 2013, Dave Thompson wrote: > And: openssl -- so far -- only uses a root in truststore > as an anchor. It can use intermediates in truststore to > build the chain, but that chain must end at a root in > truststore to verify okay. According to posts in the last > few months, this may change: there are reportedly new options > for trust anchors in HEAD, which presumably will be in 1.0.2. > (Standard caveat: I'm not a developer and don't speak for them.) >
Yes there is a partial chain flag which will appear in 1.0.2. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
