When testing a certificate for its allowed purposes, I found:
$ for purpose in sslclient sslserver nssslserver smimesign smimeencrypt crlsign
any ocsphelper
> do
> echo -n ${purpose}:
> openssl-0.9.8 verify -verbose -CAfile ca_chain.txt -purpose $purpose my.pem
> done
sslclient:my.pem: OK
sslserver:my.pem: OK
nssslserver:my.pem: OK
smimesign:my.pem: OK
smimeencrypt:my.pem: OK
crlsign:my.pem: /C=GB/O=Defer Test/OU=basic/CN=Martin Kraemer/[EMAIL PROTECTED]
error 26 at 0 depth lookup:unsupported certificate purpose
OK
any:my.pem: OK
ocsphelper:my.pem: OK
For the case of the "crlsign" purpose, shouldn't openssl die with
a "non-OK" error, instead of printing an error, but finally "OK"?
Martin
--
<[EMAIL PROTECTED]> | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
