On 2012-01-13 15:38 +0100 (Fri), Johannes Bauer wrote: > Ah, good, then I explained it well enough :-) Do you have a solution for > your scenario? Do you manually check certificates? Or is there some > workaround?
I described my situation in a little more detail in this message: http://www.mail-archive.com/openssl-users@openssl.org/msg65890.html My current plan, unless I get further advice otherwise, is to add some custom fields to the certs I use within this system and then to use custom validation functions to determine whether, for any particular cert, it is required to be signed by the "master CA" rather than a "client CA." cjs -- Curt Sampson <c...@cynic.net> +81 90 7737 2974 http://www.starling-software.com/ I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out how to use my telephone. --Bjarne Stroustrup ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org