> On Dec 15, 2015, at 5:00 PM, Nounou Dadoun <[email protected]> wrote:
>
> I have actually asked a variant on this question in the path, I would
> rephrase it as I have a certificate chain which doesn't go all the way back
> to a self-signed cert. But I "trust" the highest certificate in the chain
> that I have; is there a way of telling openssl that once it hits this
> "trusted" certificate, it can stop and return the result. As I recall, the
> answer was no .. N
With OpenSSL 1.0.2 or greater you can use trust-anchors that are not
self-signed.
API:
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
CLI:
openssl verify -partial_chain ...
--
Viktor.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
