On 08/29/2010 07:38 PM, Mounir IDRASSI wrote:
 Hi Peter,

Thank you for your comments.
As I said, this kind of debates can be very heated and going down this road don't lead usually to any results.
The debate may be whether and how something should be
done in openssl, I admit I had started that one.
I am the first one to wish that the PKI world out there is ideal and everyone uses correctly validated modules. Unfortunately, we constantly have to balance between correctness and practicalness.
Some programs are not strict in verification, so be it.
But that has nothing to do with the fact that the certs in question are
not correctly encoded and may create unexpected behaviour...

Concerning Firefox check, I have managed to load the chain and to validate it correctly using Firefox 3.6.8 under Windows and Ubuntu 10.04. I'm attaching screenshots.
Try edit the trustsetting.

Or: Try load them without setting any trust during loading
and to set some later through the certificate management.

OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to