I think you are right about the current behaviour When filling up the intermediate stack, the x609 verify cert break when the verifydepth is reached as far as I see from the code, but it seems that the ssl library doesn't set a verify depth?
But in this case the verifydepth would work I think.Yes but the client will still send the user certificate, one intermediate CA and optionally the root CA. OpenSSL will use those to build as much of the path as possible and try to complete it using the trusted store. When it can't find the root CA in that store it will fail. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
--To verify the signature, see http://edelpki.edelweb.fr/ Cela vous permet de charger le certificat de l'autorité; die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.
smime.p7s
Description: S/MIME Cryptographic Signature