Hello, I have noticed a problem while using TC Trustcenter certificates with OpenSSL. The encoding of the 'Subject' in the issuer cert contrains 'T61String' elements while the user cert issued by that sub-CA contains only 'Printablestring' in the 'Issuer' field. Based on that difference in types, OpenSSL is unable to a) find the issuer cert in the certstore because the hashes are different and b) locate the certificate in the stack using sk_find after I placed the issuer cert in the store twice, with both names/hashes.
Neither 0.9.7e nord 0.9.8 are able to build the cert chain. I did some debugging with 0.9.7e, which lead me to the conclusions stated above. I rate this behaviour as a bug because the connection between two certs shouldn't be based on the way a string is encoded but on it's value. I'm working on a temp workaround for our specific case but it's by no means a fix for the problem. Best Regards, Robert Esterer ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]