Sjoerd, Nico,
I filed an OpenSSL issue, and Stephen Henson replied:
"It is only needed if certificates use algorithms other than the
mandatory ones for general SSL/TLS use. This
hasn't been an issue in the past but more and more certificates are
starting to appear using the SHA2 algorithms."
-- <http://rt.openssl.org/Ticket/Display.html?id=2224>
- see <http://openssl.org/support/rt.html> for access credentials.
So perhaps that explains why it has gone unnoticed all the time - if
certificates only used the mandatory algorithms, it simply wasn't needed.
--
Matthias Andree
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
