Hi,

Thank you for your comments.

Alon Bar-Lev wrote:
> On 1/3/07, Faidon Liambotis <parav...@debian.org> wrote:
>> Ok, here's another try, even though I didn't get any comments on the
>> first one :-)
>>
>> This is a totally different approach; the previous one was flawed in at
>> least two aspects:
>
> This is better.
> But you should use CertVerifyCertificateChainPolicy in order to verify
> chain, you should have two policies, one for server and one for
> client...

I've thought about it but didn't implement it because the only policy I
could think of was the nsCertType checking which is already being done
by OpenSSL if the user requested it.

> I think you can remove the global variable you added to ssl.c and put
> it in the session.

True, I will fix this.

Regards,
Faidon