The apps/s_server.c does not call the routines as cms/verify/.. to interpret policy parameters. Well, easy to change.
There is a little bug in s_cb.c: when the verify_callback is called without a certificate, i.e. err_cert == NULL, it segfaults. Also, easy to fix. Someone willing to apply a patch for both?

I wonder whether a flag to get the policy parameters differently than from options would be a nice feature. Since the trust anchor self-signed cert is ignored in this process, it has been suggested elsewhere to use the extension values to fill the initialisation value for path validation, i.e. require explicit policy, inhibitmapping, no mapping for anypolicy and the initial policy set. As a side effect this would allow having different settings for different trust anchors.

Any thoughts?

Peter Sylvester
/PS