Re: [openssl-dev] [openssl.org #2634] Cross-signed certs rejected by OpenSSL because root cert not base of chain

On 24/02/15 21:28, na...@sitetruth.com via RT wrote: This is an old bug from 2011, generated originally by someone who put a self-signed cert in their cert chain. Until now, it's been ignored. It's become a big problem now that Verisign cross-signed one of their major root certs (VeriSign

Re: [openssl-dev] [openssl.org #2634] Cross-signed certs rejected by OpenSSL because root cert not base of chain

On 24/02/15 21:28, na...@sitetruth.com via RT wrote: This is an old bug from 2011, generated originally by someone who put a self-signed cert in their cert chain. Until now, it's been ignored. It's become a big problem now that Verisign cross-signed one of their major root certs (VeriSign

Re: [openssl-dev] [openssl.org #2634] Cross-signed certs rejected by OpenSSL because root cert not base of chain

On 25/02/15 13:18, Matt Caswell wrote: This is not a bug as such in OpenSSL but an addition to the existing verify algorithm. As such this won't be backported to released versions (which only receive bug fixes). It will however be in OpenSSL 1.1.0. I should add that OpenSSL 1.0.2 does

[openssl-dev] [openssl.org #2634] Cross-signed certs rejected by OpenSSL because root cert not base of chain

This is an old bug from 2011, generated originally by someone who put a self-signed cert in their cert chain. Until now, it's been ignored. It's become a big problem now that Verisign cross-signed one of their major root certs (VeriSign Class 3 Public Primary Certification Authority - G5). Their