Thank you all for your valuable inputs. I really appreciate your sharing your thoughts with me and am digesting them.
Right now it looks like the easiest for me is static linking + baking my trusted root CAs into a single cert file + validating the file before using it. I also need to figure out a way to patch applications when severe vulnerabilities are discovered. In doing this, my applications cannot automatically pick up security fixes the system installs and I have to patch applications when a root CA needs to be added/deleted.

Yvonne
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
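
One way the "validate the file before using it" step could look, as an added example that is not part of the original message or of OpenSSL: the bundle is read once, its SHA-256 is compared with a digest pinned in the application, and the same in-memory bytes are loaded as the only trust anchors. It is written in Python rather than C, and the names `read_verified_bundle`, `context_from_bundle` and `BundleMismatch` are hypothetical.

```python
import hashlib
import hmac
import ssl


class BundleMismatch(Exception):
    """The CA bundle on disk does not match the digest pinned in the application."""


def read_verified_bundle(path, pinned_sha256_hex):
    """Return the bundle bytes only if their SHA-256 equals the pinned digest.

    The file is read exactly once and the verified bytes are returned, so the
    caller never reopens the path after the check (no check-then-use gap).
    """
    with open(path, "rb") as fh:
        data = fh.read()
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, pinned_sha256_hex.lower()):
        raise BundleMismatch("CA bundle digest mismatch: " + actual)
    return data


def context_from_bundle(path, pinned_sha256_hex):
    """Build a client TLS context that trusts only the verified bundle."""
    pem = read_verified_bundle(path, pinned_sha256_hex).decode("ascii")
    # PROTOCOL_TLS_CLIENT starts with an empty trust store and with
    # certificate and hostname verification enabled; the system store is
    # never consulted because load_default_certs() is not called.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cadata=pem)
    return ctx
```

Because the pinned digest ships inside the application, adding or removing a root CA means releasing a new build, which is the patching cost the message describes.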