I am doing some verifying with openssl on a chain of certs with a (VeriSign) root CA and all other certs in the CApath directory, and it was giving me "OK"s. A little stracing showed me that openssl was using the VeriSign root in the openssl CA bundle and not my VeriSign root in my CApath directory. So even if I removed the VeriSign root from my CApath directory, it would still verify OK.
As my purpose is to verify against a single set of certs (not two sets of certs), this behavior is annoying. I can just delete the openssl CA bundle and get the behavior I want, but what else will this break on the machine? I can't seem to find a cmdline switch or environment variable to stop its CA bundle. Any ideas?

--
Dr. Rodney G. McDuff | Ex ignorantia ad sapientiam
Manager, Strategic Technologies Group | Ex luce ad tenebras
Information Technology Services
The University of Queensland
EMAIL: mcd...@its.uq.edu.au
TELEPHONE: +61 7 3365 8220
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
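The behaviour described in this post, reproduced as an added shell example that is not part of the original message: OpenSSL 1.1.0 and later accept `-no-CAfile` (and `-no-CApath`) on `openssl verify` to keep the default trust locations out of the lookup. The root certificate, directory names and function names are constructed for the demo, which narrows the chain to a single self-signed root and uses `SSL_CERT_FILE` to stand in for the system bundle.

```shell
#!/bin/sh
# Added demo: all files are constructed in a temporary directory.
# Assumes OpenSSL 1.1.0 or later (needed for -no-CAfile).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Build a throwaway self-signed root and an EMPTY CApath directory.
make_demo_root() {
    mkdir -p "$demo_dir/capath"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo Root" \
        -keyout "$demo_dir/root.key" -out "$demo_dir/root.pem" 2>/dev/null
}

# Case 1: only -CApath is given. The default CA file is still consulted;
# SSL_CERT_FILE points that default at the constructed "bundle".
verify_with_default_bundle() {
    SSL_CERT_FILE="$demo_dir/root.pem" SSL_CERT_DIR="$demo_dir/capath" \
        openssl verify -CApath "$demo_dir/capath" \
        "$demo_dir/root.pem" >/dev/null 2>&1
}

# Case 2: -no-CAfile removes the default file, so the (empty) CApath
# directory is the only place a trust anchor can come from.
verify_capath_only() {
    SSL_CERT_FILE="$demo_dir/root.pem" SSL_CERT_DIR="$demo_dir/capath" \
        openssl verify -no-CAfile -CApath "$demo_dir/capath" \
        "$demo_dir/root.pem" >/dev/null 2>&1
}

make_demo_root || { echo "openssl req failed" >&2; exit 1; }

if verify_with_default_bundle; then
    echo "CApath only:            OK (trusted via the default bundle)"
else
    echo "CApath only:            rejected"
fi

if verify_capath_only; then
    echo "CApath with -no-CAfile: OK"
else
    echo "CApath with -no-CAfile: rejected (no anchor in CApath)"
fi
```
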