> Nothing. The trust settings aren't part of the certificate encoding. The > current trust handling stores these after the main encoding only if the > *TRUST() functions are used.
As an aside my postgresql stuff currently uses the standard X509 routines when converting from internal to external format (DER to PEM). Handling "TRUSTED" certificates is on my TO-DO list, but there were too many unknowns. I guess the two questions come down to: 1) how do I determine this extra information is present? Is a non-null x->aux value sufficient? 2) how do I encoded it - which i2d function? (Almost all of my I/O uses macros calling a handful of generic functions, and I've found it much easier to maintain the occasional exception in the same format.) ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
