I wrote:
> pathLenConstraint counts just the CA path -- 0 means that a CA may
> sign only end entities --, while verify_depth counts all certificates,
> IIRC).
I don't really mean all certificates (unless one starts counting at
0), but all steps on the path: Depth 1 means that CAs sign end-entity
certificates directly, and depth 0 should mean that we accept just
those certificates that we have in our own certificate store.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]