> That's exactly what we currently do, we provide a verification callback, but > we do need to be able to set the failing cert in a chain for that. Stick it in EXDAT? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602 Please log in as guest with password guest if prompted