https://issues.apache.org/bugzilla/show_bug.cgi?id=47408
--- Comment #2 from Peter Sylvester <[email protected]> 2009-06-23 06:41:04 PST --- In crypto/x509/x509_vfy.c : the call back is called explicitely with no certficate under two circumstances: - When there is no acceptable explicit certficationpolicy found. - To notify the active policy. in the check_policy routine which is invoked after presenting each certficate in the chain to the callback, the callback is called again. if (ret == -2) { ctx->current_cert = NULL; ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; return ctx->verify_cb(0, ctx); } if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { ctx->current_cert = NULL; ctx->error = X509_V_OK; if (!ctx->verify_cb(2, ctx)) return 0; } The "previous" cert had already be presented to the verify callback, so it was already logged by apache. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
