On Tue, Sep 14, 2010 at 11:27:09AM -0400, Allan E. Johannesen wrote:

> I noticed that our CA store (/usr/local/ssl/cacert.pem) was pretty old, with
> some expired certificates in it, etc.
> 
> I exported the certificate list out of a Windows firefox and put that in place
> and I thought things were fine.  I did 'openssl verify' on a few of our
> certificates from different vendors and all looked good.

You could try to use a CApath/ directory (indexed via c_rehash), instead
of a CAfile. This should scale better.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
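
The CAfile-to-CApath conversion suggested above, as an added example that is not part of the original thread. The function names and the cert-NNN.pem naming are assumptions of this sketch, and `openssl rehash` is the built-in equivalent of c_rehash in OpenSSL 1.1.0 and later.

```shell
#!/bin/sh
# Added example: turn a single CAfile bundle into a hashed CApath directory.
# Function names and output file names are hypothetical, chosen for this sketch.

# split_bundle BUNDLE DIR
# Writes each PEM certificate in BUNDLE to DIR/cert-NNN.pem (text outside the
# BEGIN/END markers is dropped) and prints the number of certificates written.
split_bundle() {
    bundle=$1 dir=$2
    mkdir -p "$dir" || return 1
    awk -v dir="$dir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n); inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# prune_expired DIR
# Removes files that openssl reports as already expired or cannot parse.
# Run this before indexing, so no hash link points at a deleted file.
prune_expired() {
    for f in "$1"/cert-*.pem; do
        [ -f "$f" ] || continue
        openssl x509 -checkend 0 -noout -in "$f" >/dev/null 2>&1 || rm -f "$f"
    done
}

# index_capath DIR
# Creates the <subject-hash>.N links that OpenSSL uses for CApath lookups.
index_capath() {
    if openssl rehash "$1" 2>/dev/null; then
        return 0
    fi
    c_rehash "$1"   # Perl script shipped with older OpenSSL releases
}

# Typical sequence (the target directory is an assumed path):
#   split_bundle /usr/local/ssl/cacert.pem /usr/local/ssl/certs
#   prune_expired /usr/local/ssl/certs
#   index_capath /usr/local/ssl/certs
#   openssl verify -CApath /usr/local/ssl/certs server.pem
```

With a CApath directory OpenSSL opens only the files whose name matches the issuer's subject hash, instead of parsing the whole bundle on every load.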