Re: [openssl-dev] [openssl.org #2634] Cross-signed certs rejected by OpenSSL because root cert not base of chain

2015-02-25 Thread Matt Caswell via RT
On 24/02/15 21:28, na...@sitetruth.com via RT wrote: This is an old bug from 2011, generated originally by someone who put a self-signed cert in their cert chain. Until now, it's been ignored. It's become a big problem now that Verisign cross-signed one of their major root certs (VeriSign

Re: [openssl-dev] [openssl.org #2634] Cross-signed certs rejected by OpenSSL because root cert not base of chain

2015-02-25 Thread Matt Caswell
On 24/02/15 21:28, na...@sitetruth.com via RT wrote: This is an old bug from 2011, generated originally by someone who put a self-signed cert in their cert chain. Until now, it's been ignored. It's become a big problem now that Verisign cross-signed one of their major root certs (VeriSign

Re: [openssl-dev] [openssl.org #2634] Cross-signed certs rejected by OpenSSL because root cert not base of chain

2015-02-25 Thread Matt Caswell
On 25/02/15 13:18, Matt Caswell wrote: This is not a bug as such in OpenSSL but an addition to the existing verify algorithm. As such this won't be backported to released versions (which only receive bug fixes). It will however be in OpenSSL 1.1.0. I should add that OpenSSL 1.0.2 does

[openssl-dev] [openssl.org #2634] Fail to verify server with a trusted CA root in the middle of the chain

2015-02-25 Thread Matt Caswell via RT
Closing this ticket, as per my previous comments. Matt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3718] Broken NAME header in doc/crypto/d2i_ECPKParameters.pod (master and 1.0.2)

2015-02-25 Thread Matt Caswell via RT
Patch applied. Many thanks. Matt

[openssl-dev] [openssl.org #3719] Bug report: Documentation for -no_explicit option of openssl ocsp missing

2015-02-25 Thread Matt Caswell via RT
Steve has added documentation for this. Closing ticket. Matt

[openssl-dev] [openssl.org #3621] Support legacy CA removal, ignore unnecessary intermediate CAs in SSL/TLS handshake by default

2015-02-25 Thread Matt Caswell via RT
Please see the following commits to master in relation to this issue: da084a5ec6 15dba5be6a 25690b7f5f fa7b01115b The behaviour is now that openssl will attempt to build a trust chain as it did previously. If that fails, it will then look to see if there is an alternative chain that can be

[openssl-dev] [openssl.org #3637] [PATCH] x509: skip certs if in alternative cert chain

2015-02-25 Thread Matt Caswell via RT
The patch I mentioned previously has now been applied to master in the following commits: da084a5ec6 15dba5be6a 25690b7f5f fa7b01115b The behaviour is now that openssl will attempt to build a trust chain as it did previously. If that fails, it will then look to see if there is an alternative