have no key-usage extension
You know of course I MEANT to say basic-constraint.
If you accept a cert signer whose cert doesn't have CertificateAuthority as a basic constraint, you are naughty.
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
