Hi all,
I have a doubt regarding X509_verify_cert.

What I understand from the documentation of "verify" is that we need to pass all the trusted certs and all the un-trusted certs.

X509_verify_cert will construct the cert chain up to the ROOT CA, then validate the chain, and finally verify the self-certificate. What I understand is that this function expects the ROOT CA to be self-signed and it MUST be present in the trusted list.

My specific question is:

1. Is it a MUST that the Root CA be self-signed? The reason is that the trust anchor up to which the application MAY verify need not be the ROOT CA. Is there any standard that indicates that the chain MUST be verified up to the ROOT CA? Is there any way I can tell the function to return success even if the chain is not complete?

Awaiting your valuable responses....

Regards
Suram


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
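
An added example, not part of the original post and not OpenSSL's own code: it builds a constructed root, intermediate and leaf chain with the `openssl` CLI and shows how `openssl verify` treats a non-self-signed trust anchor with and without `-partial_chain`, the command-line counterpart of setting `X509_V_FLAG_PARTIAL_CHAIN` before calling `X509_verify_cert`. All subject names, file names and the helper functions `make_chain` and `verdict` are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: all keys, names and certificates are generated on the fly.

make_chain() {  # $1 = empty working directory
  cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # Self-signed root CA.
  openssl req -x509 -config "$1/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -subj "/CN=Constructed Root CA" -days 1 \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
  # Intermediate CA: issued by the root, so it is not self-signed.
  openssl req -new -config "$1/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Constructed Intermediate CA" \
    -keyout "$1/int.key" -out "$1/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -set_serial 2 -extfile "$1/demo.cnf" -extensions v3_ca -days 1 \
    -out "$1/int.pem" 2>/dev/null &&
  # End-entity certificate issued by the intermediate.
  openssl req -new -config "$1/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=leaf.example.test" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
    -set_serial 3 -days 1 -out "$1/leaf.pem" 2>/dev/null
}

# Prints "accepted" or "rejected" for leaf.pem.
# $1 = directory, remaining arguments = options passed to `openssl verify`.
verdict() {
  dir=$1; shift
  if openssl verify "$@" "$dir/leaf.pem" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}

demo=$(mktemp -d) && make_chain "$demo" || exit 1
echo "intermediate as anchor, default:        $(verdict "$demo" -trusted "$demo/int.pem")"
echo "intermediate as anchor, -partial_chain: $(verdict "$demo" -partial_chain -trusted "$demo/int.pem")"
echo "root as anchor, intermediate untrusted: $(verdict "$demo" -trusted "$demo/root.pem" -untrusted "$demo/int.pem")"
```

With `-partial_chain`, any certificate placed in the trusted store acts as a trust anchor, so that store should hold only certificates the application intends to trust directly.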