On Sat, Aug 13, 2005, David Reid wrote: > Quick reality check please? :-) (We all need 'em!) > > 3 certificates, > > 1. Self signed 'CA' cert > 2. Certificate created using cert #1 > 3. Certificate created using cert #2 > > Certs 1 & 2 have had their hashed symlink created into a directory > 'certdir'. > > Which of these *should* work? > > openssl verify -CApath certdir cert#1 > openssl verify -CApath certdir cert#2 > openssl verify -CApath certdir cert#3 >
The verification process needs to be able to build a path to the root CA and the root CA has to be trusted. So all of those should work. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
