[openssl.org #3288] openssl 1.1 - X509_check_host is wrong and insufficient

2014-03-30 Thread Steffen Ullrich via RT
Hi, in openssl 1.1 you add a new function X509_check_host, see also RT#2909. In the current implementation it is incomplete and also wrong. The current reference to hostname checking should be RFC 6125, which describes the recommended general behavior and also the behavior for different

[openssl.org #2732] Bug: verification fails if multiple certification path (EV/Verisign)

2012-02-25 Thread Steffen Ullrich via RT
Hi, we get the following verification problem in our product, because some servers like signin.ebay.de, comdirect.de or meine.deutsche-bank.de add additional certificates to the chain, which are needed for some clients but not for others. Unfortunately these are not minor companies and all of the