On 18.05.2016 19:51, Salz, Rich wrote: >> Is there something I'm missing? > Nope. From the description of SSL_CTX_load_verify_locations i would have expected that certificates loaded via the CApath mechanism are loaded anew for every verification process. If this is not the case an appropriate note in that description would be very nice. Ciao, Richard