On Fri, May 24, 2002, Fiel Cabral wrote: > When pkcs12 is passed the -cacerts option, is it > supposed to print out only CA certificates? > It seems like the -cacerts option does not check if > the certificate contains basicConstraints CA:TRUE. Is > this the correct behavior or is it a bug? > Thanks.
The -cacerts option outputs all certificates that don't include a private key. This will normally be just CA certificates for common PKCS#12 implementations but it doesn't have to be. Perhaps another name like -othercerts could be more appropriate. Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
