Ben Laurie wrote: > > Dr S N Henson wrote: > > > > > > The self signed cert was only an example. There are other cases which > > could apply as well. An example would be explicit trust of an EE > > certificate. That isn't supported in OpenSSL yet but it will be at some > > point. It would however have a similar criteria: only an exact match > > would be acceptable. > > I believe this is supported (by writing appropriate callbacks) - I'm > sure I remember doing it at some point. >
Well yes you can do most things with callbacks. I was referring to a method where you could (for example) place an EE certificate in a trusted store, set a "trust this certificate for some purpose" setting on it and a certificate verify would automatically succeed even though the rest of the chain was absent. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
