Michal Prochazka wrote: > I'm open for every remark and enhancement of this patch. IMHO, it is very breakable script: it compare only strings (issuer name, subject, etc), which can be forged easily. IMHO, we need to check sha1/md5 signatures of CA certificates, not strings. -- // Lev Serebryakov