Lutz Jaenicke wrote: > > Hi! > > In verify.c there is an option "-trusted", which is not documented in > verify.pod. I am not sure that I understood all of the source of verify.c, > at least I did not understand what this option is good for :-) > Not much. It supplies a file of trusted certificates a bit like -CAfile. It differs in how it works internally in the revised verify code, I put the option while I was testing alternative techniques for looking up certificates and when the X509_STORE hack wasn't in place. Its probably best left undocumented because it might go away if and when X509_STORE gets dumped. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]