From 48c973eac73e55b546f2ee480997a19113d05fd6 Mon Sep 17 00:00:00 2001
From: Thierry Parmentelat <thierry.parmentelat@inria.fr>
Date: Fri, 13 Jan 2017 13:34:23 +0100
Subject: [PATCH] no change - only notes on using the openssl command line for
 debugging

---
 sfa/trust/certificate.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/sfa/trust/certificate.py b/sfa/trust/certificate.py
index 5ad616a3..960a387d 100644
--- a/sfa/trust/certificate.py
+++ b/sfa/trust/certificate.py
@@ -35,6 +35,15 @@
 ##
 #
 
+# Notes on using the openssl command line
+#
+# for verifying the chain in a gid, assuming it is split into pieces p1.pem p2.pem p3.pem
+# you can use openssl to verify the chain using this command
+# openssl verify -verbose -CAfile <(cat p2.pem p3.pem) p1.pem
+# also you can use sfax509 to invoke openssl x509 on all parts of the gid
+#
+
+
 from __future__ import print_function
 
 import functools
-- 
2.47.0