Arno Garrels wrote:
Paul wrote:
They've done this before.
Yes, I noticed this as well earlier with a CA path lookup (hashed
filenames). But it's the same when you use a CA bundle file.
Internally they lookup issuers by name which may be fast, however is
unreliable. IMO they should be looking up issuer certs by fingerprint.
I always add my own CA list to avoid these problems.
But how to tell your customers that you do not support all certs of
the MS Root Certificate Program??
Firefox works around it like you, they simply do not imclude those
trouble-certs.
Correction (just for the record), they do not include them that's true,
however when they are added to the store they are handled correctly.
--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be