Inline.

--
Erwann ABALEA

On 07/12/2012 11:26, Ralph Holz wrote:
> Hi,
>
> Yes, that clarifies the issue for me.
>
> One thing I am wondering about now (as a user) would be how to get
> openssl to disregard any local trusted cert list - i.e. how do I get it
> to act on the provided CAFile only?

"openssl <command> -CAfile myfile -CApath /nonexistent" should do it.

> Do I need to remove the complete local root store? Or can I set the
> CAPath to "." and then openssl will not fall back to default settings?

Setting -CApath to '.' works also.

> I think that information is what users are really looking for.
>
> Ralph
>
> On 12/06/2012 09:32 PM, Chris Palmer wrote:
>> On Thu, Dec 6, 2012 at 12:00 PM, Erwann Abalea
>> <erwann.aba...@keynectis.com> wrote:
>>
>>> There's the same behaviour with -CAfile. If -CAfile isn't specified, then
>>> the default platform CA file is used (by default, /usr/lib/ssl/cert.pem).
>>> This is true for verify, ocsp, smime, and cms.
>> Oh, right. New diff attached.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
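
The behaviour discussed in this thread, as an added example that is not part of the original messages: with only `-CAfile`, `openssl verify` still consults the default CA directory, and adding `-CApath /nonexistent` restricts trust to the given file. It assumes an `openssl` binary on PATH that honours the `SSL_CERT_DIR` environment variable, used here to stand in for the platform's default CA directory; all CA and leaf names are constructed.

```shell
#!/bin/sh
# Constructed demo: two throwaway CAs in a temp dir. "default-ca" stands in for
# the platform trust store (simulated via SSL_CERT_DIR); "my-ca" is the only CA
# we mean to trust. All names and paths are made up for this example.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT

make_ca() {    # $1 = CA name; writes $1.key and a self-signed $1.pem
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
    -keyout "$demo/$1.key" -out "$demo/$1.pem" 2>/dev/null
}

make_leaf() {  # $1 = leaf name, $2 = issuing CA name; writes $1.pem
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$demo/$1.key" -out "$demo/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$demo/$1.csr" -days 2 -CA "$demo/$2.pem" \
    -CAkey "$demo/$2.key" -CAcreateserial -out "$demo/$1.pem" 2>/dev/null
}

# Create both CAs, one leaf under each, and a hashed CApath-style directory
# ("store") that contains only default-ca.
setup_demo() {
  make_ca my-ca && make_ca default-ca &&
  make_leaf leaf-mine my-ca && make_leaf leaf-other default-ca &&
  mkdir "$demo/store" &&
  h=$(openssl x509 -subject_hash -noout -in "$demo/default-ca.pem") &&
  cp "$demo/default-ca.pem" "$demo/store/$h.0"
}

# -CAfile alone: the default CA directory is still searched for issuers.
verify_cafile_only() {  # $1 = leaf name
  SSL_CERT_DIR="$demo/store" openssl verify -CAfile "$demo/my-ca.pem" \
    "$demo/$1.pem" >/dev/null 2>&1
}

# -CAfile plus -CApath /nonexistent, as suggested in the thread: only my-ca counts.
verify_isolated() {     # $1 = leaf name
  SSL_CERT_DIR="$demo/store" openssl verify -CAfile "$demo/my-ca.pem" \
    -CApath /nonexistent "$demo/$1.pem" >/dev/null 2>&1
}

setup_demo || { echo "setup failed (is openssl installed?)" >&2; exit 1; }
verify_cafile_only leaf-other && echo "-CAfile only: leaf-other accepted via default store"
verify_isolated leaf-other || echo "-CAfile -CApath /nonexistent: leaf-other rejected"
verify_isolated leaf-mine && echo "-CAfile -CApath /nonexistent: leaf-mine accepted"
```

OpenSSL 1.1.0 and later also provide `-no-CAfile` and `-no-CApath` options for the same purpose.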
