On Sat, Mar 16, 2002 at 12:06:15AM -0800, Tom Wu wrote:
> In both 0.9.6c and 0.9.7-SNAP, the function "ssl_verify_alarm_type" in
> ssl/s3_both.c seems to be missing the newest x509 verification error
> codes, like X509_V_ERR_INVALID_PURPOSE, in the switch statment. If such
> a verification error is encountered, the switch will fall through and an
> "unknown ca" alert (SSL_AD_CERTIFICATE_UNKNOWN) will be returned,
> instead of SSL_AD_UNSUPPORTED_CERTIFICATE in this case. I can submit a
> patch, if anyone is interested.
Indeed. If you have it at hand, please submit it to openssl-dev.
(Don't forget to CC to [EMAIL PROTECTED]).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
