On 27/10/16 21:09, Renaud Allard wrote: > In openssl source, you can see that the call should be something like: > OCSP_basic_verify(bs, verify_other, store, verify_flags);
That's overstating the case, "Can be". The question is, when is is appropriate and safe from a security standpoint to verify the OCSP proof using an alternate set-of-trust-anchors? -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
