Erik Tkal <et...@juniper.net> writes:
> Maybe that's a bug in OpenSSL 0.9.8o? The docs for verify say "It is
> an error if the whole chain cannot be built up."

Maybe, but I think it's just as reasonable to regard it as a bug in the docs. I think it's useful for verify to be able to verify chains from trust anchors (whether or not they're root CAs), and that "verify" ought to regard -CAfile and -CApath as pointing at certificates representing such trust anchors. With that interpretation 0.9.8o is right and 1.0.0a appears to be wrong.

[...]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
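
The behaviour discussed in this thread can be checked against a current OpenSSL with a throwaway chain. This is an added example, not part of the original message: the certificate names and file layout are constructed, and `-partial_chain` is an `openssl verify` option from releases later than the two compared in the thread (1.0.2 onward), which makes a non-self-signed certificate in `-CAfile` acceptable as a trust anchor.

```bash
# Added example (not from the thread): constructed PKI root -> intermediate -> leaf.
# Assumes an OpenSSL release with -partial_chain (1.0.2 or later) on PATH.

mk_csr() {  # $1=dir  $2=file basename  $3=common name (all constructed)
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

build_pki() {  # $1 = scratch directory
  d="$1"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  mk_csr "$d" root "Example Root CA" &&
  mk_csr "$d" inter "Example Intermediate CA" &&
  mk_csr "$d" leaf "leaf.example.test" &&
  # Self-signed root.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
  # Intermediate CA issued by the root (so it is not self-signed).
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null &&
  # End-entity certificate issued by the intermediate.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
}

verify_leaf() {  # $1 = trust-anchor file, remaining args = extra verify options
  anchors="$1"; shift
  # Match the "<file>: OK" line instead of relying on the exit status,
  # which older releases did not set on a verification failure.
  openssl verify "$@" -CAfile "$anchors" "$PKI/leaf.pem" 2>&1 | grep -q ': OK$'
}

report() { if verify_leaf "$@"; then echo "OK"; else echo "FAIL"; fi; }

PKI=$(mktemp -d) || exit 1
trap 'rm -rf "$PKI"' EXIT
build_pki "$PKI" || { echo "PKI setup failed" >&2; exit 1; }

# 1. Whole chain up to the self-signed root.
echo "root in -CAfile, intermediate untrusted:   $(report "$PKI/root.pem" -untrusted "$PKI/inter.pem")"
# 2. Only the intermediate is trusted; the chain cannot reach a root.
echo "intermediate in -CAfile, default:          $(report "$PKI/inter.pem")"
# 3. Same store, but the intermediate is accepted as the trust anchor.
echo "intermediate in -CAfile, -partial_chain:   $(report "$PKI/inter.pem" -partial_chain)"
```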