Inline.
--
Erwann ABALEA
Le 07/12/2012 11:26, Ralph Holz a écrit :
Hi,
Yes, that clarifies the issue for me.
One thing I am wondering about now (as a user) would be how to get
openssl to disregard any local trusted cert list - i.e. how do I get it
to act on the provided CAFile only?
"openss
Hi,
Yes, that clarifies the issue for me.
One thing I am wondering about now (as a user) would be how to get
openssl to disregard any local trusted cert list - i.e. how do I get it
to act on the provided CAFile only?
Do I need to remove the complete local root store? Or can I set the
CAPath to "
On Thu, Dec 6, 2012 at 12:00 PM, Erwann Abalea
wrote:
> There's the same behaviour with -CAfile. If -CAfile isn't specified, then
> the default platform CA file is used (by default, /usr/lib/ssl/cert.pem).
> This is true for verify, ocsp, smime, and cms.
Oh, right. New diff attached.
verify.po
There's the same behaviour with -CAfile. If -CAfile isn't specified,
then the default platform CA file is used (by default,
/usr/lib/ssl/cert.pem).
This is true for verify, ocsp, smime, and cms.
I personally don't think it's unexpected for the openssl app. I'd even
like it to be extended to ot
On Thu, Dec 6, 2012 at 2:16 AM, Ralph Holz
wrote:
> -CAfile fileA file of trusted certificates.
>
> "The lookup first looks in the list of untrusted certificates and if no
> match is found the remaining lookups are from the trusted certificates.
> The root CA is always looked up in the truste
Hi,
> See apps/apps.c, function setup_verify. It receives 2 arguments CAfile
> and CApath.
> Each one is processed independently, and if either one is NULL, its
> corresponding default is used.
>
Thanks for the quick reply. The openssl docs at
http://www.openssl.org/docs/apps/verify.html
say:
Bonjour,
See apps/apps.c, function setup_verify. It receives 2 arguments CAfile
and CApath.
Each one is processed independently, and if either one is NULL, its
corresponding default is used.
--
Erwann ABALEA
Le 06/12/2012 10:38, Ralph Holz a écrit :
Good day,
I was using openssl verify as