On Wed, 16 Jan 2002, Richard Levitte - VMS Whacker wrote: > From: Simon Josefsson <[EMAIL PROTECTED]> > > jas> This patch that allows you to override the check for a valid self-signed > jas> certificate when signing certs using 'x509 -CA'. I find this useful for > jas> those times when you edit certs with M-x hexl-mode. > > I'm wondering if OpenSSL shouldn't be changed to accept a store of > trusted points that aren't necessarely root certificates. One might > have the case that one only wants to accept client certificates from > an intermediate CA and not those coming from the rest of the CA tree > (or mesh).
Could be useful, but I wonder if this feature really belong in the mini CA of the "x509" command. Such features might fit better in the "ca" command, and the "x509" CA can be left as a hacker tool where things like -noselfsign can be useful. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
