When testing a certificate for its allowed purposes, I found: $ for purpose in sslclient sslserver nssslserver smimesign smimeencrypt crlsign any ocsphelper > do > echo -n ${purpose}: > openssl-0.9.8 verify -verbose -CAfile ca_chain.txt -purpose $purpose my.pem > done sslclient:my.pem: OK sslserver:my.pem: OK nssslserver:my.pem: OK smimesign:my.pem: OK smimeencrypt:my.pem: OK crlsign:my.pem: /C=GB/O=Defer Test/OU=basic/CN=Martin Kraemer/[EMAIL PROTECTED] error 26 at 0 depth lookup:unsupported certificate purpose OK any:my.pem: OK ocsphelper:my.pem: OK
For the case of the "crlsign" purpose, shouldn't openssl die with a "non-OK" error, instead of printing an error, but finally "OK"? Martin -- <[EMAIL PROTECTED]> | Fujitsu Siemens Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]