Hi, I have an issue with the policy one can set with SSLVerifyDepth. The documentation says that "a depth of 0 means that self-signed client certs are accepted only, the default depth of 1 menas the client cert can be self-signed or has to be signed by a CA which is directly known to the server." I mean, why would a serious server want to trust self-signed client certificates? It seems like you can't say: "trust only those client certs that are directly signed by a CA in the server's list of trusted CAs." I would suppose, however, that this is the one default mode that most sites will want to choose. How is that done? regards -Gunther
begin:vcard n:Schadow;Gunther tel;fax:+1 317 630 6962 tel;home:+1 317 816 0516 tel;work:+1 317 630 7960 x-mozilla-html:FALSE url:http://aurora.rg.iupui.edu org:Regenstrief Institute adr:;;1050 Wishard Blvd;Indianapolis;Indiana;46202;USA version:2.1 email;internet:[EMAIL PROTECTED] title:M.D. fn:Gunther Schadow end:vcard
