I found a solution, it looks like a dirty hack and making a security
hole, but it works for our custom purposes. So I don't recommend to use
this way. Somehow it may be interested for somebody.
It's needed to patch openssl.
In 'openssl/ssl/ssl_cert.c' file, in 'ssl_verify_cert_chain' function
replace
X509_STORE_CTX_set_default(&ctx,
s->server ? "ssl_client" : "ssl_server");
by
X509_STORE_CTX_set_default(&ctx, "any");
Yaroslav
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majord...@modssl.org