On Fri, Sep 22, 2000 at 03:31:06PM +0200, Lutz Jaenicke wrote:
> I just tried Postfix/TLS 0.9.6 and found problems with certificate
> verification:
> 0.9.6 returned X509_V_ERR_SUBJECT_ISSUER_MISMATCH on a completely valid
> certificate. [...]
Do you use a verify_callback? I'm working over a rather slow
SSH connection right now and so cannot easily look at all the relevant
code, but line 156 in x509_vfy.c looks suspicious to me --
it uses check_issued just to determine wether the chain is complete
(a self-signed cert has been reached), and check_issued calls
the callback if this is not the case. But since this is not
the verification stage, just preparation for it, I don't think
the callback should be called. Steve?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
