* Eisenacher, Patrick wrote on Tue, Feb 23, 2010 at 12:30 +0100:
[...]
The selection of a trust anchor is a matter of policy: it
could be the top CA in a hierarchical PKI, the CA that
issued the verifier's own certificate(s), or any other CA in
a network PKI.
And no, I don't need
On February 22, 2010 09:18:25 am Eisenacher, Patrick wrote:
-Original Message-
From: Patrick Patterson
On 12/02/10 8:51 AM, skillz...@gmail.com wrote:
Is there a way (via the API rather than the tool) to tell
OpenSSL that
the sub-CA certificate is trusted and it doesn't
Hi Patrick,
sorry for the bad line-breaking, but I'm stuck here with a poor msa.
-Original Message-
From: Patrick Patterson
On February 22, 2010 09:18:25 am Eisenacher, Patrick wrote:
-Original Message-
From: Patrick Patterson
On 12/02/10 8:51 AM,
On Mon, Feb 22, 2010, Eisenacher, Patrick wrote:
Unfortunately, the perceived verification algorithm is a limitation in
openssl, which always wants to do path validation up to a self signed cert,
even if no revocation checking is requested. And no, there's no way to
modify its verification
-Original Message-
From: Patrick Patterson
On 12/02/10 8:51 AM, skillz...@gmail.com wrote:
Is there a way (via the API rather than the tool) to tell
OpenSSL that
the sub-CA certificate is trusted and it doesn't need to
walk further
up the chain? For my case, I embed the sub-CA
On Thu, Feb 11, 2010 at 1:31 PM, skillz...@gmail.com wrote:
I have a DER-encoded PKCS#7 file that I'd like to extract the
certificate from, verify that certificate against a specific sub-CA
certificate, then use the certificate's public key to verify a
signature.
I looked at the code for
On 12/02/10 8:51 AM, skillz...@gmail.com wrote:
Is there a way (via the API rather than the tool) to tell OpenSSL that
the sub-CA certificate is trusted and it doesn't need to walk further
up the chain? For my case, I embed the sub-CA certificate in my code
and I'm space constrained so I'd
I have a DER-encoded PKCS#7 file that I'd like to extract the
certificate from, verify that certificate against a specific sub-CA
certificate, then use the certificate's public key to verify a
signature.
I looked at the code for the pkcs7 tool and it looks directly inside
the PKCS7 object to