Message301972
Grant,
I'm not sure I follow you. Do I understand correctly that you want to call SSL_CTX_set_verify_depth(ctx, 1), in order to enforce that a peer cert is directly signed by your CA?
That doesn't sound like a good use of SSL_CTX_set_verify_depth(), because it only works for a simple case without an intermediate CA. Most real-world cases have one or more intermediate CAs. |
|
Date |
User |
Action |
Args |
2017-09-12 16:17:07 | christian.heimes | set | recipients:
+ christian.heimes, vstinner, gbremer, Alex Gaynor |
2017-09-12 16:17:07 | christian.heimes | set | messageid: <1505233027.44.0.741736049183.issue25115@psf.upfronthosting.co.za> |
2017-09-12 16:17:07 | christian.heimes | link | issue25115 messages |
2017-09-12 16:17:07 | christian.heimes | create | |
|