Hello Dan and Matthew, thanks for working on this. I gave the debdiffs a look, skimmed through openssl changes, and don't see any reason to not do this. There *are* larger changes to that function in https://github.com/openssl/openssl/commit/1e41dadfa7b9f792ed0f4714a3d3d36f070cf30e -- but it's a fairly invasive change, and I'm not recommending or suggesting we take it instead. It'd be nice though if someone could double-check the certs in question against a build that uses this newer commit and make sure that we're not backporting a very short-lived functional change.
Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926254 Title: x509 Certificate verification fails when basicConstraints=CA:FALSE,pathlen:0 on self-signed leaf certs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1926254/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
