Hi,
I have the following certificates:
root.cert - self signed CA
node1root.cert - issued by root
node2root.cert - issued by root
daemon.cert - issued by node1root
client1.cert - issued by node2root
I have an SSL server which use the daaemon.cert and has root.cert and node1.cert
in its certificateChain.
I want to accept and authenticate clients issued by node2root. Not all
'children' to root.cert.
My question is what do I put in SSL_CTX_add_client_CA() to make my CA list, and
what should I put in the file SSL_CTX_load_verify_locations() loads?
In the end I want to this without any file loading., but then I have be sure of
how these things work. I've been through the archive and can't really find
anything matching my question.
Many thanks
Peter
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]