On Mon, Sep 07, 2015 at 02:56:44PM +0200, Florent Daigniere wrote: > > Agreed. The catch is that it's useless as a debugging tool too with the > new behaviour (see bug #792396). There's no indication whatsoever that > the system's CA path has been added to the certificate chain... and the > manual goes as far as suggesting that it isn't: > > " > -CApath directory > The directory to use for server certificate verification. [...] > "
As far as I know there is a default CApath being used, and using -CApath adds that directory. But I think it might be unexpected, and clearly is still under documented. I think there was some change in behaviour between 1.0.1 and 1.0.2, but I can't remember the details. Kurt
