On Thu, Oct 19, 2000 at 03:58:26PM -0400, Louis LeBlanc wrote:
> I think the problem is here, in the check of verify_depth and depth:

You misunderstand the verify_depth.

> This is the format that has been suggested to me, and what is used in
> s_client. I am setting verify_depth to 1, and it gets verified to depth
> 0 when I don't have the CA cert available. It seems to me the
> verification process _begins_ with the peer cert, _then_ goes to the CA
> cert. If it cannot find the CA Cert, the 'verified' depth returns as
> 0. The verify_depth, of course, is 1. So shouldn't that comparison
> read like this:

The certificate is checked at all depth levels it contains. The culprit
is to check out the "ok" value handed to the verify_callback.

Since last week there is a manual page available:
http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
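
Added example, not part of the original message and not OpenSSL's own code: it uses Ruby's standard `openssl` binding, whose store callback receives the same (ok, X509_STORE_CTX) pair as the C verify_callback, to log the depth and "ok" value of each call when the CA certificate is present and when it is missing. The certificates, names and the helpers `make_cert` and `check` are constructed for this illustration.

```ruby
require "openssl"

# Build one certificate for a constructed test PKI (names are made up).
def make_cert(cn, key, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  ca = issuer ? "CA:FALSE" : "CA:TRUE"
  cert.add_extension(ef.create_extension("basicConstraints", ca, true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# Verify `leaf` against `trusted`, logging [depth, ok, error] per callback call.
def check(leaf, trusted, honor_ok: true)
  calls = []
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  store.verify_callback = lambda do |preverify_ok, ctx|
    calls << [ctx.error_depth, preverify_ok, ctx.error]
    # Pass the library's verdict through; a callback that always returns
    # true accepts a chain that has no trust anchor at all.
    honor_ok ? preverify_ok : true
  end
  [store.verify(leaf), calls]
end

CA_KEY = OpenSSL::PKey::RSA.new(2048)
ROOT = make_cert("Example Root CA", CA_KEY)
LEAF = make_cert("server.example", OpenSSL::PKey::RSA.new(2048), ROOT, CA_KEY)

{ "CA in store" => [[ROOT], true], "CA missing" => [[], true],
  "CA missing, ok ignored" => [[], false] }.each do |label, (trusted, honor)|
  result, calls = check(LEAF, trusted, honor_ok: honor)
  puts "#{label}: verify=#{result}"
  calls.each do |depth, ok, err|
    puts "  depth=#{depth} ok=#{ok} err=#{err}"
  end
end
```

With the CA missing, the only callback call is at depth 0 with ok false, so a depth of 0 in the callback says where the failure was detected, not how far verification succeeded.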