On Mon, Nov 28, 2005, Stefan Vatev wrote: > > Hi guys, > I had to look in-depth the ocsp stuff of openssl and some > questions arise. Well, in ocsp.c I don't get why after > trying OCSP_basic_verify(bs, verify_other, store, > verify_flags) and the result is negative openssl ties to > verify the signer's certificate again, but without the > stack of certs (which to be verified) and all flags set to > zero. I really don't understand this piece of code :( >
I have to admit that I wasn't sure why that was there either :-) Checking through CVS it looks like it is some legacy code from the initial support for -VAfile which is now handled differently and that isn't needed any more. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
