On 02/09/2013 12:12 PM, Jeremy Harris wrote:
I'm working on an implementation of the client side of OCSP stapling. To verify the stapled information I'm using the chain leading to the server certificate, as presented in the (repeated) verify callbacks for the server cert.
Despite the resounding lack of response I've moved to building a fresh store, though still using the verify callbacks. This is to ensure that the exact CA chain used for the server cert is also used for the stapling response verification. Any screams of "you're doing it wrong" before this gets baked in to a certain MTA? -- Jeremy ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
