On Mon, 2009-06-01 at 17:15 -0400, Victor Duchovni wrote: > > I found another strange behaviour that I didn't expect -- the _order_ of > > the certificates in the cafile seems to be important. > > Yes, the TLS protocol requires the trust chain to be delivered bottom-up.
That makes sense, but we're talking about the order of the certificates in the cafile, not on the wire. OpenSSL really ought to get that right. The problem turned out to be that OpenSSL was picking the _wrong_ certificates. http://rt.openssl.org/Ticket/Display.html?id=1942&user=guest&pass=guest -- dwmw2 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
