Arno Garrels wrote: > Paul wrote: >> They've done this before. > > Yes, I noticed this as well earlier with a CA path lookup (hashed > filenames). But it's the same when you use a CA bundle file. > Internally they lookup issuers by name which may be fast, however is > unreliable. IMO they should be looking up issuer certs by fingerprint. > >> I always add my own CA list to avoid these problems. > > But how to tell your customers that you do not support all certs of > the MS Root Certificate Program?? > Firefox works around it like you, they simply do not imclude those > trouble-certs.
Correction (just for the record), they do not include them that's true, however when they are added to the store they are handled correctly. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
