>Back to OpenSSL, this armchair-Google expert thinks it looks like >OpenSSL may provide certificate-chain verification? >https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_verify.html
Oh, yeah, THAT part is easy. But we also have to do certificate name and SAN validation, at least, AND .... should we do OCSP to check CRLs? --Ken _______________________________________________ Nmh-workers mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/nmh-workers
