On 03/02/2013 10:39 PM, Phil Pennock wrote:
I think that if CAfile or CApath is set, then that should be the only trust anchor.
Set where? If you mean "as fed to SSL_CTX_load_verify_locations() in setup_certs() then we have that, indirectly and further restricted to the actual chain above the server's certificate (and not any other root cert we decided to trust). -- Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
