On 24/02/15 21:28, na...@sitetruth.com via RT wrote:
This is an old bug from 2011, generated originally by someone who put a
self-signed cert in their cert chain. Until now, it's been ignored.
It's become a big problem now that Verisign cross-signed one of their
major root certs (VeriSign
On 24/02/15 21:28, na...@sitetruth.com via RT wrote:
This is an old bug from 2011, generated originally by someone who put a
self-signed cert in their cert chain. Until now, it's been ignored.
It's become a big problem now that Verisign cross-signed one of their
major root certs (VeriSign
On 25/02/15 13:18, Matt Caswell wrote:
This is not a bug as such in OpenSSL but an addition to the existing
verify algorithm. As such this won't be backported to released versions
(which only receive bug fixes). It will however be in OpenSSL 1.1.0.
I should add that OpenSSL 1.0.2 does
This is an old bug from 2011, generated originally by someone who put a
self-signed cert in their cert chain. Until now, it's been ignored.
It's become a big problem now that Verisign cross-signed one of their
major root certs (VeriSign Class 3 Public Primary Certification
Authority - G5). Their