On 15/09/17 00:05, Salz, Rich via openssl-users wrote:
>
> ➢ But the patch was put in git almost 10 months before 1.0.2 initial
> release.
>
> We weren’t using git back then. So maybe it’s a bad/confusing import. Maybe
> matt can explain.
>
Actually I think we were using git at
➢ But the patch was put in git almost 10 months before 1.0.2 initial
release.
We weren’t using git back then. So maybe it’s a bad/confusing import. Maybe
matt can explain.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 14/09/2017 23:06, Salz, Rich via openssl-users wrote:
➢ However for some unknown reason, this was not included in 1.0.2
which thus still rejects all such certificate chains.
Because it was seen to be a feature, not a bug-fix?
But the patch was put in git almost 10 months
➢ However for some unknown reason, this was not included in 1.0.2
which thus still rejects all such certificate chains.
Because it was seen to be a feature, not a bug-fix?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Way back in May 2014, there was a patch by Matt Casswell to not
incorrectly reject all certificate chains with IP address name
constraints and actual IP address names
(dd36fce023a64d90058b8fefbd95dadaca98f9ca).
However for some unknown reason, this was not included in 1.0.2
which thus still