Arno Garrels wrote:
RTT wrote:

What do you think about this verify result?
D:\>openssl verify -CAfile TrustedCA.pem -untrusted MyServerCert.pem
MyServerCert.pem MyServerCert.pem: OK

TrustedCA.pem contains the issuer certs of MyServerCert.pem.

If the TrustedCA.pem file contains the root CA, what happen if you add
the -propose option?

When -purpose isn't specified it defaults to "any". When I set,
for example, "sslserver" it makes no difference. Seems like the untrusted certificates are ignored, same happens in
my Delphi code as well.
Just referenced that becuase the help say that "Without this option no chain verification will be done" so just testing to check if something in the code is being bypassed (i.e. checking list of untrusted certs) because of that.
And you are sure the MyServerCert.pem is not, by mistake,  self signed.
To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to