From: Simon Josefsson <[EMAIL PROTECTED]>
jas> This patch that allows you to override the check for a valid self-signed
jas> certificate when signing certs using 'x509 -CA'. I find this useful for
jas> those times when you edit certs with M-x hexl-mode.
I'm wondering if OpenSSL shouldn't be changed to accept a store of
trusted points that aren't necessarely root certificates. One might
have the case that one only wants to accept client certificates from
an intermediate CA and not those coming from the rest of the CA tree
(or mesh).
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
