Michael Ströder <mich...@stroeder.com> writes: > Bruce Stephens wrote:
[...] >> Ah, my fault. Obvious in retrospect: Debian's openssl finds the root >> cert because it's in the ca-certificates package! > > Did you use -CAfile as in my original posting when testing? I did. > Doesn't -CAfile set exclusively all trusted CA certs? Apparently not, the normal openssl.cnf is read and (on Debian, if ca-certificates is installed) that gives a set of extra CA certificates. [...] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
