[[EMAIL PROTECTED] - Fri Feb 14 23:42:02 2003]: > Hello Steve, > > Stephen Henson via RT wrote: > > I've committed a fix to address this issue which will appear in the next > > dev and stable snapshot (i.e. so it will appear in 0.9.7a). > > > > Let me know of any problems ASAP. > > I finally got around to do some quick tests. > > Seems to be OK. > > Could SSL_MODE_NO_AUTO_CHAIN be the default, > with an additional flag SSL_MODE_AUTO_CHAIN ? > > > Now I have to ask Ralf Engelschall to set > the flag in mod_ssl... >
If you don't mind including the root CA or there are more than 2 certs in the chain then SSL_CTX_add_extra_chain_cert() will work because that automatically disables the auto chain now. You only need that new mode flag in the exceptional case where you have a chain consisting of two certificates and you specifically want to omit the root CA. Changing the default behaviour is likely to break existing applications that rely on it so I can't really do that. Steve. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
