> On Feb 3, 2016, at 4:18 PM, Daniel Kahn Gillmor via RT
> wrote:
>
> if the cert at the top of the chain is self-signed, it's entirely
> reasonable to say that the expiration date is meaningful. For example,
> I could distribute a certificate for a root authority which i
> On Feb 3, 2016, at 4:18 PM, Daniel Kahn Gillmor via RT
> wrote:
>
> if the cert at the top of the chain is self-signed, it's entirely
> reasonable to say that the expiration date is meaningful. For example,
> I could distribute a certificate for a root authority which i
On Mon 2016-02-01 18:46:20 -0500, Viktor Dukhovni wrote:
> On Mon, Feb 01, 2016 at 11:38:49PM +, Alex Rousskov via RT wrote:
>
>> On 02/01/2016 02:32 PM, openssl-dev@openssl.org via RT wrote:
>>
>> > Please be more explicit about what errors you feel were not reported.
>>
>> One specific
there does not seem to be anything for openssl to do here. also the
verify_chain code is changigng a lot in 1.1
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
___
openssl-dev mailing list
To unsubscribe:
On Mon, Feb 01, 2016 at 08:34:44PM +, Alex Rousskov via RT wrote:
> On 02/01/2016 12:40 PM, Rich Salz via RT wrote:
> > there does not seem to be anything for openssl to do here.
>
> OpenSSL can do one of these two things (at least):
>
> * Start reporting
On 02/01/2016 12:40 PM, Rich Salz via RT wrote:
> there does not seem to be anything for openssl to do here.
OpenSSL can do one of these two things (at least):
* Start reporting post-X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE errors
to callbacks [instead of hiding them].
* Adjust
On Mon, Feb 01, 2016 at 11:38:49PM +, Alex Rousskov via RT wrote:
> On 02/01/2016 02:32 PM, openssl-dev@openssl.org via RT wrote:
>
> > Please be more explicit about what errors you feel were not reported.
>
> One specific error mentioned during the previous discussion was "expired
>
On 02/01/2016 02:32 PM, openssl-dev@openssl.org via RT wrote:
> Please be more explicit about what errors you feel were not reported.
One specific error mentioned during the previous discussion was "expired
certificate". This was ~four years ago, so my recollection may be
faulty, but I believe
However, after discovering X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
error, OpenSSL internal_verify() stops calling the callback due to this
code in crypto/x509/x509_vfy.c:
The reason for that is that any errors after that point are pretty
bogus. You only get that error if the certificate
On 03/23/2012 07:52 AM, Stephen Henson via RT wrote:
[rouss...@measurement-factory.com - Wed Mar 21 10:24:07 2012]:
A verification callback registered with SSL_CTX_set_verify() gets
called for most validation errors, as expected. The callback always
returns 1 (keep validating) result so
On 03/23/2012 07:52 AM, Stephen Henson via RT wrote:
[rouss...@measurement-factory.com - Wed Mar 21 10:24:07 2012]:
A verification callback registered with SSL_CTX_set_verify() gets
called for most validation errors, as expected. The callback always
returns 1 (keep validating) result so
[rouss...@measurement-factory.com - Wed Mar 21 10:24:07 2012]:
Hello,
A verification callback registered with SSL_CTX_set_verify() gets
called for most validation errors, as expected. The callback always
returns 1 (keep validating) result so that it can see all errors.
However,
Hello,
A verification callback registered with SSL_CTX_set_verify() gets
called for most validation errors, as expected. The callback always
returns 1 (keep validating) result so that it can see all errors.
However, after discovering X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
error, OpenSSL
13 matches
Mail list logo