Dr S N Henson wrote: > > Ben Laurie wrote: > > > > Dr S N Henson wrote: > > > > > > > > > The self signed cert was only an example. There are other cases which > > > could apply as well. An example would be explicit trust of an EE > > > certificate. That isn't supported in OpenSSL yet but it will be at some > > > point. It would however have a similar criteria: only an exact match > > > would be acceptable. > > > > I believe this is supported (by writing appropriate callbacks) - I'm > > sure I remember doing it at some point. > > > > Well yes you can do most things with callbacks. I was referring to a > method where you could (for example) place an EE certificate in a > trusted store, set a "trust this certificate for some purpose" setting > on it and a certificate verify would automatically succeed even though > the rest of the chain was absent.
Right. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
