Dear Kyle,
Dear Patrick Patterson.
Thank you for the reply.
> -----Original Message-----
> From: [EMAIL PROTECTED]
>
>
> Hi there:
>
> On July 28, 2008 08:07:22 am Takurou Saitou wrote:
> > Hi.
> >
> > On the Openssl 0.9.8h, I want to execute certificate verify that contains
> > the certificate policy check by using "openssl verify" command.
> >
> > I succeed the verification though random OID is specified
> > for the "-policy" option of "openssl verify" command.
> >
> > Is my usage wrong?
> >
> >
> > (Use example)
> > openssl verify -policy 1.2.46.67. -policy_check -CAfile cacert.pem cert.pem
> > cacert.pem: OK
> >
> I think that you need to add -explicit_policy to the arguments.
>
> To see what it is doing, you may want to also add -policy_print
I added two options mentioned above and execute.
The result was as follows.
(result)
openssl verify -policy 1.2.46.67. -policy_check -explicit_policy -policy_print
-CAfile cacert.pem cert.pem
.cert.pem: error 43 at 0 depth lookup:no explicit policy
Require explicit Policy: True
Authority Policies:
Policy: 1.1.3.4
Non Critical
No Qualifiers
Policy: 1.2.4.5
Non Critical
No Qualifiers
User Policies: <empty>
Verify result OK was not given.
When I perform a certificate policy check, must I reserve two options
of "-policy_check" and "-explicit_policy" by all means?
Thank!
Takurou Saitou.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
