Of all the gin joints in all the towns in all the world, "Shaw, George"
had to walk into mine and say:
>
> It sounds to me like he does trust the root CA, he just wants to deny access
> to certain Sub CAs.
Correct. Specifically, "everyone else" :-)
> I think you would need to program this into your verify callback function.
> The man pages are pretty clear on how to do this.
Which I had already done; I was just hoping there was a better way,
like (for example) setting trust parameters on the sub-ca certificate.
--
Harald Koch <[EMAIL PROTECTED]>
"It takes a child to raze a village."
-Michael T. Fry
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
