Richard Levitte - VMS Whacker wrote: > > From: Simon Josefsson <[EMAIL PROTECTED]> > > jas> This patch that allows you to override the check for a valid self-signed > jas> certificate when signing certs using 'x509 -CA'. I find this useful for > jas> those times when you edit certs with M-x hexl-mode. > > I'm wondering if OpenSSL shouldn't be changed to accept a store of > trusted points that aren't necessarely root certificates. One might > have the case that one only wants to accept client certificates from > an intermediate CA and not those coming from the rest of the CA tree > (or mesh).
Surely you can accept non-self-signed certs in the certification callback? Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]