Hi Steve,

On 9 March 2011 13:03, Dr. Stephen Henson <[email protected]> wrote:

> > Am I correct in surveying that openssl verify uses a default of "sslserver"
> > for -purpose?
>
> No it just means that most certificates could (in theory) be used as SSL server
> certificates. If you had appropriate extension restrictions (e.g. extended
> key usage or the deprecated netscape certificate type) you'd notice the
> difference.

Thanks for the quick answer. Still, does this mean that if I don't use -purpose at all, the certification chain would still be evaluated normally, just without checking for certificate purpose? Because the way the docs say it, I would have concluded chain evaluation is not done at all - yet it seems to happen.

Thanks,
Ralph
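
Added example (not part of the original thread, and not code from the OpenSSL project): the difference Steve describes, reproduced on a constructed CA and a leaf whose extended key usage is limited to clientAuth. The file names, subject names and config section names are assumptions made for the demo; the script prints what the local OpenSSL build reports with no -purpose, with sslclient and with sslserver.

```shell
#!/bin/sh
# Constructed demo PKI: a throwaway CA plus a leaf restricted to clientAuth.
build_demo_pki() {    # $1 = empty working directory
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[demo_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[demo_leaf]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -config "$1/demo.cnf" -extensions demo_ca \
        -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 1 \
        -keyout "$1/ca.key" -out "$1/ca.pem" >/dev/null 2>&1 &&
    openssl req -new -config "$1/demo.cnf" \
        -newkey rsa:2048 -nodes -subj "/CN=demo-leaf" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -extfile "$1/demo.cnf" -extensions demo_leaf \
        -days 1 -out "$1/leaf.pem" >/dev/null 2>&1
}

# Succeeds only if verify prints its "<file>: OK" line.
# $1 = working directory, $2 = a -purpose name, or empty to omit -purpose.
verify_as() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$1/ca.pem" -purpose "$2" "$1/leaf.pem" 2>&1
    else
        openssl verify -CAfile "$1/ca.pem" "$1/leaf.pem" 2>&1
    fi | grep -q ': OK$'
}

# Run the same leaf through all three modes and report each result.
demo_dir=$(mktemp -d) && build_demo_pki "$demo_dir" &&
for p in "" sslclient sslserver; do
    if verify_as "$demo_dir" "$p"; then r=OK; else r=rejected; fi
    echo "purpose=${p:-none}: $r"
done
rm -rf "$demo_dir"
```

With the clientAuth-only leaf, -purpose sslserver is rejected with "unsupported certificate purpose" while -purpose sslclient verifies.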
