Thanks for the detailed response, Dave.
> As the authenticator you know your own cert already. As the verifier you can
> get the cert and look at it.
> ... You should be able to know what you configured.
In general, yes. But in the context of a large proxy server fronting hundreds
of servers and millions of clients, it's way much easier to pull stuff out of
the SSL structure than to rummage back through configuration.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
