[openssl-users] Certificate Verify and non-root Trust Anchors

Viktor Dukhovni openssl-users at dukhovni.org
Mon Dec 11 23:28:35 UTC 2017

> On Dec 11, 2017, at 6:20 PM, J Decker <d3ck0r at gmail.com> wrote:
> I'm pretty sure you need the root also, not just the intermedia ca...

The purpose of X509_V_FLAG_PARTIAL_CHAIN is to make it possible
to make do with just the intermediate certificate in the trust
store.  So, no, the root is not always required.


More information about the openssl-users mailing list