And according to the OpenSSL 0.9.7 code (crypto/x509/x509_vfy.c, around line #200) it should work perfectly too. If you are using OpenSSL 0.9.6 then you might consider upgrading to 0.9.7. It'll save you a lot of time :)
We're probably going to wait for 0.9.7b before we upgrade in our production environment. :)
This is a good idea but 0.9.6 is too old and has a lot of "minor problems". 0.9.7 had a very long
"cool off" period and I believe that it is actually 0.9.7b or 0.9.7c now. And I just checked the 0.9.6
sources and I do see that it returns an error w/o checking "trusted" certs. I do not like your patch
because it accepts *any* self-signed cert. Nothing is impossible and I can write some glue code
to make an additional check on the xmlsec level but it just does not make any sense to me. And I am going
to drop 0.9.6 support as I declared many times :)


Aleksey

_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec