Hi,
I had a set of related questions regarding the trusted CA store and
certificate chaining:

1. Let's say we have a chain of the form RootCA -> SubCA ->
Server-certificate.
    Now, will the openssl verify function be able to verify if I give only
the SubCA as the trusted CA cert and the above chain as the certificate to
verify?
2. Is it possible to load more than one CA directory by calling
SSL_CTX_load_verify_locations repeatedly? If not, then what can be done if we
want to load the CA certs in >1 different directories into the SSL_CTX?
3. Is there a way to know, after the certificate verification on an SSL
connection, which certificate in the chain was trusted? I mean, is there any
API call which will give me the certificate that was trusted? I know about
the ssl_get_peer_cert_chain but this gives the whole chain and I am
interested only in the trusted CA certificate which satisfied the
verification procedure.

Thanks.
