Hi, I've written an HTTP client and server that uses the OpenSSL library to secure the connection. What I can't figure out is how to set up the "PKI" to make cert verification work. "SSL_CTX_load_verify_locations" would set up the location of my CA certs but do I need both the CAfile and CApath parameter? What's the correlation between them? Should all certs in the CApath or CAfile be "Trusted", or is it only the root certs? How do I set up the CA directory, I understand that the files must named after hash-values? What does "SSL_CTX_set_default_verify_paths" do, is it required to make it work? BTW, these programs are ment for both Win and UNIX, are there any differencies to think about here? Best regards Andreas Rehn Software Engineer - Product Development _____________________________________________________________ Viewlocity AB Tritonv�gen 17, P.O. Box 13, S-171 18 Solna, Sweden Phone: +46 8 799 32 00, Direct: +46 8 799 32 38, Fax: +46 8 799 32 99 Email: [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
