Thanks for the patch! I've applied and commited it with minor modification to
allow 0 depths (just set the initial depth to 9 when we create X509_STORE :) ).
I think that someone migth need it one day.
With best regards,
Aleksey.
[EMAIL PROTECTED] wrote:
Hello aleksey,
at first, really thank you for your good ``xmlsec'' library.
The hint of this feature is to improve the certificate verification
by adding a limitation in the certificate chain. This is necessary because
OpenSSL use a default maximum chain length of nine.
The next 'diffs' are made on the xmlsec-0.0.12 tree
The modifications in 'x509.c' are valid for OpenSSL-0.9.6 and OpenSSL-0.9.7
The test against a 0 value of depth is for backward comptability (the key
manager is
initialized with this value) and for sematic: a value of 0 allow *ONLY*
self signed
certificates.
Regards
Jean-Etienne SCHWARTZ
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
