Steve,
Thank you! That worked.
That option doesn't exist in the man page for s_server (1.0.1
2013-06-04) for me, so this may be a documentation bug then?
Thanks again!
Jim
On 08/06/2013 10:46 AM, Stephen Henson via RT wrote:
On Fri Aug 02 10:23:23 2013, j...@jimkeener.com wrote:
With -verify and -Verify I believe that the server should reject the
connection if the certificate isn't signed by a valid CA. Is there a way
to emulate such behaviour, or is there a reason that this behaves in
such a manner?
The -verify and -Verify options just decide if a certificate should be request
and if the client must use a certificate. For debugging purposes, by default,
the connection continues if the chain doesn't verify. If you use the option
-verify_return_error the connection should fail.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org