All the necessary bits are in place to make this possible,
they just never got wired up. With this, for instance, when
you use the 'verify' sub-command to verify a certificate
chain with '-purpose sslserver', error 28 will occur if the
root cert is not trusted for X509_TRUST_SSL_SERVER. This
matche
On Thu, 2015-01-15 at 04:52 -0800, Adam Williamson wrote:
> If anyone can point out what I'm missing I'd be very grateful :)
So I think I may actually know more or less what's going on, now.
Passing -purpose to `verify` seems to really enable only *purpose*
checking. It doesn
After a lot of searching I did satisfy myself that anything that goes
through ssl3_connect() gets a default purpose and trust (it had been
suggested on the RH bug that only consumers which explicitly set these
would get one), but that doesn't explain why 'openssl verify' works
eve