On Wed, 18 Feb 2004, Richard Levitte - VMS Whacker wrote: > In message <[EMAIL PROTECTED]> on Wed, 18 Feb 2004 10:40:26 +0100 (MET), "Dave > Roberts via RT" <[EMAIL PROTECTED]> said: > > rt> It also copes if they have the same Serial Number as well. > > The only way to cope with that situation is to return an error. The > serial number must be unique for each certificate issued by one CA. > This includes self-signed ones.
Quite. Maybe my wording wasn't correct. If the Issuer/Serial is the same for 2 certificates, but the certificates are not the same, then my patch will return an error of X509_V_ERR_DIFFERENT_SELF_SIGNED_CERT. In the current code, X509_check_issued() would return X509_V_OK in that situation because the only check made if no AKID is present, is that the Issuer = Subject. - DR ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
