Hi,
Note that policy procesing has to be specifically enabled with the appropriate
verification arguments, it isn't by default. Yes "openssl verify" is usable
for testing.
Steve.
thanks for the answer. Works like a charme when using
-explicit_policy -policy anyPolicy
for example.
_
On Fri, Jun 19, 2009 at 10:07 AM, Dr. Stephen Henson wrote:
>
> This needs one of those box diagrams ;-)
>
> The simplest cases have policys as the intersection of the sets of all
> policies. With the trust anchor policies being ignored.
>
> Say you have root->CA1(OID1, OID2)
>
> [i.e. CA1 has cert
On Fri, Jun 19, 2009, Peter Sylvester wrote:
> Hello,
>
> some recent changes in openssl (1.0.0) done by Stephen Henson
> are about an addition to have policy checking in path validation.
>
> I am trying to find out how to configure a small hierarchy with
> one root and one operational CA, i.e. on
