Arno Garrels wrote:
Just referenced that becuase the help say that "Without this option no
chain verification will be done" so just testing to check if something
in the code is being bypassed (i.e. checking list of untrusted certs)
because of that.
What do you think about this verify result?
D:\>openssl verify -CAfile TrustedCA.pem -untrusted MyServerCert.pem
MyServerCert.pem MyServerCert.pem: OK
TrustedCA.pem contains the issuer certs of MyServerCert.pem.
If the TrustedCA.pem file contains the root CA, what happen if you add
the -propose option?
When -purpose isn't specified it defaults to "any". When I set,
for example, "sslserver" it makes no difference.
Seems like the untrusted certificates are ignored, same happens in
my Delphi code as well.
And you are sure the MyServerCert.pem is not, by mistake, self signed.
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be