On Wed, Mar 09, 2011, Ralph Holz wrote: > > Sorry again, but this is somewhat confusing. Your words seem to imply that > the correctness of the chain leading up to the root CA is indeed evaluated > (else why bother about the CA cert?). Yet the docs say about -purpose: > "Without this option no chain verification will be done" > > If I don't pass -purpose, is the correctness of the chain evaluated at all? > Because if it is, I think the wording in the docs is misleading. >
Yes the chain is evaluated even without -purpose. At one point in the distant past it wasn't but the docs never got updated. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
