On 25/02/15 13:18, Matt Caswell wrote: > This is not a bug as such in OpenSSL but an addition to the existing > verify algorithm. As such this won't be backported to released versions > (which only receive bug fixes). It will however be in OpenSSL 1.1.0.
I should add that OpenSSL 1.0.2 does already have the X509_V_FLAG_TRUSTED_FIRST flag (-trusted_first option to s_client) that does a very similar job in a slightly different way. However, it is not the default like the new commits. Matt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev