Hi, great. I used to think I'm avantgarde with my openssl 1.0.0c on openSUSE 11.4. Still, the command-line gives me the same help as yours. It takes all the fancy arguments from the web documentation though: openssl verify -verbose -explicit_policy -policy 1.3.5.1 -policy_print -policy_check -CAfile ./testcert.pem testcert.pem Require explicit Policy: False Authority Policies: <empty> User Policies: <empty> testcert.pem: OK swinter@aragorn:~> But as you see, it ignores the "explicit policy required" and "policy = 1.3.5.1" parameters deliberately. Grr. Stefan Am 10.06.2011 14:09, schrieb Alan Buxey:
Hi,
The external shell script certificate validation stuff should work. should, aye. however, the current openssl 'verify' has the following
openssl verify -help usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ... recognized usages: sslclient SSL client sslserver SSL server nssslserver Netscape SSL server smimesign S/MIME signing smimeencrypt S/MIME encryption crlsign CRL signing any Any Purpose ocsphelper OCSP helper
- this is on latest RHEL release (and therefore CentOS etc) - theres no 'purpose' flag like the current 'bleeding edge' OpenSSL manual describes :-(
(i'm thinking of compiling my own local restrained copy to try out leaving the distro stuff well-alone)
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473