From: Lutz Jaenicke <[EMAIL PROTECTED]> Lutz.Jaenicke> I know we are already in beta3, but... Lutz.Jaenicke> I just tried Postfix/TLS 0.9.6 and found problems with certificate Lutz.Jaenicke> verification: Lutz.Jaenicke> 0.9.6 returned X509_V_ERR_SUBJECT_ISSUER_MISMATCH on a completely valid Lutz.Jaenicke> certificate. If my analysis is correct, the following happens: Lutz.Jaenicke> All certificates are in one CAfile and when looking up the CA certificate Lutz.Jaenicke> in question, crypto/x509/x509_vfy.c:find_issuer runs through the Lutz.Jaenicke> stack formed from the entries in CAfile. Since the certificate is Lutz.Jaenicke> however not the first one in the file, the check in Lutz.Jaenicke> crypto/x509/x509_vfy.c:check_issuer fails and Lutz.Jaenicke> X509_V_ERR_SUBJECT_ISSUER_MISMATCH is written into ctx->error Have you experimented with s_server. I'm looking at s_cb.c, and can find no change to cover for that status. -- Richard Levitte \ Spannv�gen 38, II \ [EMAIL PROTECTED] Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Software Engineer, Celo Communications: http://www.celocom.com/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [BUG] X509_V_ERR_SUBJECT_ISSUER_MISMATCH weirdness
Richard Levitte - VMS Whacker Fri, 22 Sep 2000 06:36:23 -0700
- [BUG] X509_V_ERR_SUBJECT_ISSUER_MISMATCH wei... Lutz Jaenicke
- Richard Levitte - VMS Whacker
