Understood. My main reason for telling them is that Google Chrome complains
bitterly when asked to download a http link from a page that was fetched with
https.
I hadn't noticed that yesterday because I was analyzing the problem on a Linux
VM and copy-pasted all the URLs from Chrome on my
On Fri, Sep 16, 2022 at 02:11:38PM +, Andrew Lynch via openssl-users wrote:
> http://sm-pkitest.atos.net/cert/Atos-Smart-Grid-Test.CA.2.crt
>
> I’ve also asked my colleagues why the download is http instead of https…
You should look to multiple independent sources to validate the
Oops, sorry. The correct intermediate is of course also SN2.
http://sm-pkitest.atos.net/cert/Atos-Smart-Grid-Test.CA.2.crt
Fingerprint a0 6d 32 c3 56 7d 8e 20 0f a3 8e d3 d0 0a 04 21 2a 0a 1e ae
I’ve also asked my colleagues why the download is http instead of https…
Von:
Hi Corey,
I believe Victor has explained the issue sufficiently (thanks!). Just for
completeness here are the actual root certificates relevant to the question.
They are part of the German national Smart Metering environment:
SM-Test-Root-CA SN1 (O=SM-Test-PKI)
CN=SM-Test-Root.CA,
On Fri, Sep 16, 2022 at 08:32:27AM +, Andrew Lynch via openssl-users wrote:
> So is this a possible bug or a feature of OpenSSL 1.1.1? (using
> 1.1.1n right now)
OpenSSL 1.1.1 is doing the right thing.
> If I set up the content of CAfile or CApath so that E <- D <- C <- A
> is the only
Hi Andrew,
Can you provide the actual subject DNs for each certificate? RFC 5280 specifies
that self-issued certificates (i.e., issuer DN == subject DN) are not
considered in the pathLen calculation, so knowing whether these certificates
are self-issued or not may be helpful in better
Dear OpenSSL Team,
While migrating to OpenSSL 3.0 we are facing issue with use of
DH_generate_key(). Getting dh->pub_key NULL.
Logic used is as given below, I have omitted the error handling code.
* p and g buffer is of type unsigned char *
* p_len is 128 and g_len is 1.
So is this a possible bug or a feature of OpenSSL 1.1.1? (using 1.1.1n right
now)
If I set up the content of CAfile or CApath so that E <- D <- C <- A is the
only path that can be taken then the validation fails with
error 25 at 3 depth lookup: path length constraint exceeded
If I create the