Hi all,

I have a doubt regarding X509_verify_cert. What I understand from the documentation of "verify" is that we need to pass all the trusted certs and all the untrusted certs.

X509_verify_cert will construct the cert chain up to the ROOT CA, then validate the chain, and finally verify the self-signed certificate. What I understand is that this function expects the ROOT CA to be self-signed and it MUST be present in the trusted list.

My specific question is:

1. Is it a MUST that the Root CA be self-signed? The reason is that the trust anchor up to which the application MAY verify need not be the ROOT CA. Is there any standard that indicates that the chain MUST be verified up to the ROOT CA? Is there any way I can tell the function to return success even if the chain is not complete (up to the ROOT CA)?

Awaiting your valuable responses....

Regards
Suram

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
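Added example, not part of the original post: the `openssl verify` command the question refers to, run against a constructed root, intermediate and leaf, showing that a chain ending at a trusted non-self-signed intermediate is rejected by default and accepted with the `-partial_chain` option (the command-line form of the `X509_V_FLAG_PARTIAL_CHAIN` verification flag). All certificate names, file names and the helper functions `build_demo_pki`, `chain_ok` and `demo` are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed demo PKI: every name and file below is made up for this example.
build_demo_pki() {   # writes root, intermediate and leaf certs into $1
    d=$1
    # Private config, so nothing depends on the system openssl.cnf.
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[leaf]
basicConstraints = CA:FALSE
EOF
    # Self-signed root.
    openssl req -x509 -config "$d/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 2 -subj "/CN=Demo Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
    # Intermediate CA: issued by the root, so not self-signed.
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Demo Intermediate" \
        -keyout "$d/inter.key" -out "$d/inter.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 1 -days 2 -extfile "$d/demo.cnf" -extensions v3_ca \
        -out "$d/inter.pem" 2>/dev/null &&
    # End-entity certificate issued by the intermediate.
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=leaf.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -set_serial 2 -days 2 -extfile "$d/demo.cnf" -extensions leaf \
        -out "$d/leaf.pem" 2>/dev/null
}

# True when `openssl verify` prints "<file>: OK" for the given arguments.
chain_ok() { openssl verify "$@" 2>/dev/null | grep -q ': OK$'; }

demo() {
    d=$(mktemp -d) && build_demo_pki "$d" || return 1
    chain_ok -CAfile "$d/root.pem" -untrusted "$d/inter.pem" "$d/leaf.pem" &&
        echo "root trusted, intermediate untrusted: accepted"
    chain_ok -CAfile "$d/inter.pem" "$d/leaf.pem" ||
        echo "only intermediate trusted, default flags: rejected"
    chain_ok -partial_chain -CAfile "$d/inter.pem" "$d/leaf.pem" &&
        echo "only intermediate trusted, -partial_chain: accepted"
    rm -rf "$d"
}
demo
```

With a partial chain, the trusted intermediate becomes the trust anchor, so nothing above it (including a later revocation of the intermediate by the root) is checked by chain building.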