Ramkumar Venketaramani wrote:
>
> Hi,
>
> I am trying to verify a server cert that is signed by a Intermediate CA
> (like Verisign International Server CA) but am getting a "Invalid
> Certificate" error. I understand from the mailing list that this is a known
> issue and there is a fix for this problem (the extended key usage bug). My
> question is, what files do I need to take from latest snapshot to get around
> this issue.
>
> I cannot upgrade to OpenSSL 0.96 right now as we are pretty late in the
> development cycle and hence cannot take the risk of migrating to a new
> version of OpenSSL. I would rather go with a patch.
>
This should work...
In the file crypto/x509v3/v3_purp.c from OpenSSL 0.9.5a delete the
functions check_purpose_ssl_client() and check_purpose_ssl_server().
Replace these with the same functions in OpenSSL 0.9.6 and also the
function check_ssl_ca().
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
