On Wed, Jan 07, 2009, Victor Duchovni wrote: > > This is not very clear to me. Which signatures are poorly verified: > > 1. The server's signature on SSL/TLS protocol messages that must > be signed under the server's private key (corresponding to the > private key in its certificate)? >
[ITYM "... corresponding to the public key in its certificat..."] Yes it is 1 only. Certificate chain validation is not affected nor other forms of DSA/ECDSA signature verification such as S/MIME. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org