Paul wrote:
> They've done this before.

Yes, I noticed this as well earlier with a CA path lookup (hashed filenames).
But it's the same when you use a CA bundle file.
Internally they lookup issuers by name which may be fast, however is 
unreliable. IMO they should be looking up issuer certs by fingerprint.    

> I always add my own CA list to avoid these problems.

But how to tell your customers that you do not support all certs of
the MS Root Certificate Program??
Firefox works around it like you, they simply do not imclude those 

Arno Garrels 

To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to