Here the XrdCryptogsiX509Chain::Verify is used to verify a chain of CA certificates, something I don't think it was originally intended to do. In this case there should not be an EEC certificate in the chain, so the result for a verified CA certificate chain is that XrdCryptogsiX509Chain::Verify returns false (i.e. the verification fails as an EEC certificate chain) and the error returned is kNoEEC. I.e. there is a failure reported if the chain verifies as an EEC chain (and hence is not a CA chain) or if the error returned is something else than kNoEEC. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/pull/466#issuecomment-281103485 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1