Thanks for the extensive reply.
A part of your answer is reproduced below.
I don't think handling the depth internally (which is a good thing)
completely removes the need for a callback. Another reason for requiring
a callback is to obtain the certificate status. This could be achieved
with a certificate status callback. With the code as it stands today,
however, the best place to verify the status of the certificate would
seem to be in the verify callback.
Ron.
------
> But anyway I think that it shouldn't be necessary to use a verify
> callback function. I've recently added functions to the SSL API that
> allow defining a verification depth, because this is something that
> the library should be able to do, and there _is_ support for it in the
> X.509 library (but the X.509 library does not yet produce the right
> error code when the length is exceeded).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]