Back to OpenSSL, this armchair-Google expert thinks it looks like OpenSSL may provide certificate-chain verification? https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_verify.html
Oh, yeah, THAT part is easy. But we also have to do certificate name and SAN validation, at least, AND .... should we do OCSP to check CRLs? --Ken _______________________________________________ Nmh-workers mailing list Nmh-workers(_at_)nongnu(_dot_)org https://lists.nongnu.org/mailman/listinfo/nmh-workers
| Previous by Date: | Re: [Nmh-workers] TLS certificate validation, Ken Hornstein |
|---|---|
| Next by Date: | Re: [Nmh-workers] TLS certificate validation, Valdis . Kletnieks |
| Previous by Thread: | Re: [Nmh-workers] TLS certificate validation, Ralph Corderoy |
| Next by Thread: | Re: [Nmh-workers] TLS certificate validation, Laura Creighton |
| Indexes: | [Date] [Thread] [Top] [All Lists] |