I've discussed this one with Steve who tells me that this is a known bug. The current fix is to not have expired certificates in the trust store. It can be fixed but it has some complex consequences which need to be explored. Probably needs revision of the verification algorithm which is non-trivial.
I am assigning this to Steve to progress. Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
