Re: [exim-dev] Exim OCSP stapling

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Jeremy Harris
Data:  
Para: exim-dev
Assunto: Re: [exim-dev] Exim OCSP stapling
On 03/02/2013 10:39 PM, Phil Pennock wrote:
> I think that if CAfile or CApath is set, then that should be the only
> trust anchor.


Set where?

If you mean "as fed to SSL_CTX_load_verify_locations() in setup_certs()
then we have that, indirectly and further restricted to the actual chain
above the server's certificate (and not any other root cert we decided to trust).

--
Jeremy