I find right as it is now:
Reason:
Depth = 0 - disabled
Depth = 1 - father - son
Depth = 2 - son - father - son
is like in akin degrees... two brothers are second degree akins
because they share a common ancestor aunt and niece are third degree
and so on...
"Ralf S. Engelschall" wrote:
In article you wrote:
[...]
And the depth check is done via
| if (depth = SSLVerifyDepth) error...
[...]
My opinion is that the depth counting is ok startinbg from 0 and intuitive.
But the check should be
| if (depth SSLVerifyDepth) error...
[...]
Votes for the "=" to "" change and to
We have a PR (#35) where the user is confused by the interpretation of the
SSLVerifyDepth argument. He wants to only accept a cert which has to be
directly signed by the to be known CA certificate, i.e. he wants to not allow
intermediate CA certs. He intuitively thought SSLVerifyDepth 0 or