Correction (just for the record), they do not include them that's true, however when they are added to the store they are handled correctly.
What if you add new CA's at the beginning of the list instead of append it to the end ? If OpenSsl searches the list and find the correct CA first, then the old CA won't probably be checked at all
Paul
-- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be