On 02/01/2016 12:40 PM, Rich Salz via RT wrote: > there does not seem to be anything for openssl to do here.
OpenSSL can do one of these two things (at least): * Start reporting post-X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE errors to callbacks [instead of hiding them]. * Adjust SSL_CTX_set_verify documentation to indicate that no errors are reported to callbacks after X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE [instead of saying that all errors are reported]. > also the verify_chain code is changigng a lot in 1.1 I hope this problem will be taken into consideration during the rewrite. Thank you, Alex. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev