The patch I mentioned previously has now been applied to master in the following commits:
da084a5ec6 15dba5be6a 25690b7f5f fa7b01115b The behaviour is now that openssl will attempt to build a trust chain as it did previously. If that fails, it will then look to see if there is an alternative chain that can be constructed that does succeed. This behaviour can be suppressed using the X509_V_FLAG_NO_ALT_CHAINS flag - this will make openssl behave as it does now. Closing this ticket. Matt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev