[openssl-users] PKCS7_verify() <- list of used/unused certificates?

2015-11-01 Thread Michael Heide
Hi, with PKCS7_verify() you can provide a list of certificates which OpenSSL can use to build and verify the chain. Either within the PKCS7 *p7 or with STACK_OF(X509) *certs. Is there some way to figure out which certificates in p7/certs are used (or not used) to verify the chain? Regards Mi

Re: [openssl-users] Thoughts about security, privacy, ...

2015-11-01 Thread Walter H.
On 01.11.2015 10:25, Matt Caswell wrote: CT is the answer to a big problem. I fail to see that CAs deploying CT is a problem. I also don't see why only a CA can do this. There might be some adversaries that are perfectly capable of building large databases of certificates that they have "collecte

Re: [openssl-users] Thoughts about security, privacy, ...

2015-11-01 Thread Matt Caswell
On 01/11/15 08:21, Walter H. wrote:
> On 31.10.2015 23:23, Michael Ströder wrote:
>> Walter H. wrote:
>>> give me a hint for finding S/MIME certificates, finding my own would
>>> be nice;
>> You claim that clear-text OCSP requests are not a privacy issue.
> yes ..., a security problem I mentioned

Re: [openssl-users] Thoughts about security, privacy, ...

2015-11-01 Thread Walter H.
On 31.10.2015 23:23, Michael Ströder wrote: Walter H. wrote: give me a hint for finding S/MIME certificates, finding my own would be nice; You claim that clear-text OCSP requests are not a privacy issue. yes ..., a security problem I mentioned in connection with stupid CAs some posts before is