Looks like I was wrong, the 2 internal certificates that reproduce the issue do in fact share the key (only a 3rd, even newer certificate has a different key). So, key reuse is an essential part of this problem - however, I can now reproduce it with a trust store containing no expired certificates.
Testcase coming soon, I got the OK from our IT department. > -------------------------------------------------------------------------- This message, including its attachments, is confidential. For more information please read NNG's email policy here: http://www.nng.com/emailpolicy/ By responding to this email you accept the email policy. -----Original Message----- > From: Salz, Rich via RT [mailto:r...@openssl.org] > Sent: Tuesday, June 21, 2016 3:39 PM > To: Gábor STEFANIK <gabor.stefa...@nng.com> > Cc: openssl-dev@openssl.org > Subject: RE: [openssl-dev] [openssl.org #4580] "openssl verify -CAfile > cacerts.pem cert.pem" fails if cacerts.pem is ordered in certain ways > > Yes, it should not crash. But without more information it is hard/impossible > to debug. > > > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4580 > Please log in as guest with password guest if prompted -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4580 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
