v2 exists, but has seldom been used in real life...
Never seen in the wild, only in captivity.
kudzu> If the cert is a sub-CA cert then it is not self-signed. kudzu> Unless there is some quantum subtlety that I am missing kudzu> here.
I don't think that was a question either.
The answer is that no, there is no way to distiguish sub-CA certificates from user certificates (i.e. v1 and v2 user certificates can be used as sub-CA certificates).
If that's the question, there's still a way. If you treat as valid certs signed by keys represented by certs that have no key-usage extension that supports such signing (CA cert), then that's your problem.
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
