This is primary for Ralf and mod_ssl, but this is the list I'm on and they might be usable to other openssl folk.
A while ago I wrote some code for mod_ssl-2.8.4-1.3.20 that implements the SSLCARequestFile directive. This allows explicit control of the CA distinguished names sent in a client certificate request. That is, there are cases where you want these names to differ from the CAs that you trust with the SSLCACertificateFile directive. It defaults to the latter (current behavior) if omitted. Careful use of this allows Netscape's "Select Automatically" option to work properly. The code is available at http://bossie.doit.wisc.edu/code/mod_ssl You're welcome to it and it would be nice to see it (or equivalent functionality) included in future mod_ssl releases. Eric Norman "Congress shall make no law restricting the size of integers that may be multiplied together, or the number of times that an integer may be multiplied by itself, or the modulus by which an integer may be reduced". ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]