Zvone wrote: > Also, is there a mechanism (in ICS) to check for invalid root > certificates (regarding the recent SSL issue with bad Comodo > certificates)?
No there isn't. It's rather easy to fix TSslContext to include CRLs (Certificate Revocation Lists) in the certificate verification process. That's just adding a new property "SslVerifyFlags" and a call to f_X509_STORE_set_flags(). However that makes only sense if the revocation lists are up to date. The download location is stored in the certificate and can be either a HTTP link or something else, and the format of the CRL may not be in PEM format. Another option was OCSP, if I remember well. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be