> Verifying is a complex process
Now *there's* an understatement. :) The IETF PKIX draft update to the
cert/CRL profile takes 20 pages to specify "path validation." See ch6 of
http://www.imc.org/draft-ietf-pkix-new-part1
> and I don't recommend you do it manually:
Vandyke & Associates has released free verification software (I think as part
of the S/MIME freeware library, SFL). I have no idea how easy it would be
to graft that into openssl. Doing so would be a neat trick, however, as it
might raise the question: is the US gov't violating the current export rules
by providing technical assistance? :)
/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]