> On May 31, 2019, at 3:20 PM, Jason Schultz wrote:
>
> My questions deal with #2: Why does OpenSSL include the root cert in the
> certificate chain?
The OpenSSL SSL_CTX_build_cert_chain(3) function constructs a complete
chain of trust for your certificate chain, based on the configured trust
Right, I realize it doesn't have to be sent, my questions are why is it sent
and is there a way to force OpenSSL to not send it?
You may have answered the first question as to "why?". But is OpenSSL doing
this just to make problems easier to diagnose? Are there other reasons?
More importantly,
The root cert is not used for validation, so it doesn't have to be
sent. However, sending it does no harm, and it is useful for humans
who are attempting to diagnose problems, it allows them to see what
what root cert they are expected to have locally for sucessful cert
chain validation.
I believe this behavior is common among all supported versions of OpenSSL, but
most of my testing has been with OpenSSL 1.0.2, the latest LTS release.
My application using OpenSSL is acting as a server. I have a server certificate
configured that has been signed by a self-signed/root
On 31/05/2019 16:23, Jakob Bohm via openssl-users wrote:
On 30/05/2019 02:10, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
Behalf Of J. J. Farrell
On 29/05/2019 18:39, ramakrushna mishra wrote:
In Openssl 1.1.1, the file "rc4-ia64.pl" is missing.
On 30/05/2019 02:10, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of J.
J. Farrell
Sent: Wednesday, May 29, 2019 15:02
On 29/05/2019 18:39, ramakrushna mishra wrote:
In Openssl 1.1.1, the file "rc4-ia64.pl" is missing. This cause degradation
On 31/05/2019 04:55, Swamy J-S wrote:
> Hi,
>
>
> I recently updated openssl from 1.0.2n to 1.1.0g in linux system.
>
>
> Earlier I was using
>
> "ASN1_INTEGER **c2i_ASN1_INTEGER*(ASN1_INTEGER **a, const unsigned char **pp,
> long len) " function. As this function is removed in openssl