On Fri Aug 02 10:23:23 2013, [email protected] wrote:
>
> With -verify and -Verify I believe that the server should reject the
> connection if the certificate isn't signed by a valid CA. Is there a way
> to emulate such behaviour, or is there a reason that this behaves in
> such a manner?
>
The -verify and -Verify options just decide if a certificate should be
requested and if the client must use a certificate. For debugging purposes,
by default, the connection continues if the chain doesn't verify. If you
use the option -verify_return_error the connection should fail.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
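The behaviour described in the reply above, as an added example that is not part of the original message or of the OpenSSL project's own code: a shell script that runs s_server with -Verify and connects once with a CA-issued client certificate and once with a self-signed one. The file names, subject names and ports are constructed for the demo, and the use of -www (so the server never reads stdin) and -tls1_2 (so a rejection shows up as a failed client handshake) are assumptions of this test setup.

```shell
#!/bin/sh
# Added example. File names, subjects and ports are constructed for this demo.

# selfsigned DIR NAME CN: write DIR/NAME.key and a self-signed DIR/NAME.pem.
selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_pki DIR: a demo CA, a server cert, a client cert issued by the CA
# ("good") and a self-signed client cert the server does not trust ("bad").
make_pki() {
  d=$1
  mkdir -p "$d" || return 1
  selfsigned "$d" ca "Demo CA" || return 1
  selfsigned "$d" srv "localhost" || return 1
  selfsigned "$d" bad "untrusted client" || return 1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=trusted client" \
    -keyout "$d/good.key" -out "$d/good.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/good.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/good.pem" 2>/dev/null
}

# try_client DIR PORT CLIENT [extra s_server options]
# Returns 0 if the TLS handshake completes, non-zero if it is aborted.
try_client() {
  d=$1; port=$2; who=$3; shift 3
  # -Verify 1: request a client certificate and require the client to send one.
  # -www keeps s_server from reading stdin while it runs in the background.
  openssl s_server -accept "$port" -cert "$d/srv.pem" -key "$d/srv.key" \
    -CAfile "$d/ca.pem" -Verify 1 "$@" -www >/dev/null 2>&1 &
  srv=$!
  sleep 1   # give the listener time to bind
  # TLS 1.2 is pinned so a rejected certificate fails the client's handshake
  # instead of arriving as an alert after the client thinks it is connected.
  openssl s_client -connect "127.0.0.1:$port" -tls1_2 \
    -cert "$d/$who.pem" -key "$d/$who.key" </dev/null >/dev/null 2>&1
  rc=$?
  kill "$srv" 2>/dev/null
  wait "$srv" 2>/dev/null
  return "$rc"
}
```

Calling `try_client DIR PORT bad` with no extra option shows the default the reply describes (the connection continues), while adding `-verify_return_error` makes the same client fail.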
