Hi, I'm validting a cert chain by first loading the certificates I trust
into memory and using it durign validation by calling
X509_STORE_CTX_trusted_stack()
This is working, but I would like to be able to treat the trusted certs
as two different types - trusted root certs and trusted intermediate certs.
Is there are way to specify two different trusted_stack structures which
the X509_verify_cert function will use in a way that it knows which are
the root certs and which are the intermediate certs, or is this
something that it somehow knows anyway simply by putting them all in the
single trusted stack?
Is it something that should instead be done by a verify callback
function? If so, what should I be looking for to tell if the cert being
used is root or inter, and if it is the end of the chain or not?
Thanks for any help with this.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org