Hi all, I hava a doubt regarding X509_verify_cert.
What I understand from the documentation of "verify" is that we need to pass all the trusted certs and all the un-trusted certs.
X509_verify_cert will construct the cert chain upto the ROOT CA and then validates the chain and finally verify the self-certificate. In this case as I understand, this function expects the ROOT CA to be self-signed and it MUST be present in the trusted list.
1. Is it MUST that the Root CA be self-signed. The reason is that the trust anchor up to which the application MAY verify need not be the ROOT CA. Is there any way where I can indicate the function to return success even if the chain is not complete.
Awaiting your valuable responses....
Regards
Suram
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
