[openssl-users] OpenSSL Security Advisory - CVE-2015-1793

Salz, Rich rsalz at akamai.com
Fri Jul 10 12:55:24 UTC 2015


>How deep does the certificate chain have to be?

It does not matter.

>If I have 2 self-signed CA certificates, and a non-CA certificate is received for verification, will this hit the problem?
>Also, is it a condition of the bug that both CA certificates have to have the same subject names and keys, as suggested in the file?

I think you are confused. The bug is not about CAs. It's about a non-CA fooling the runtime into treating it as if it were a CA and being able to issue a certificate.
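
The following is an added example, not part of the original post and not OpenSSL's own test code: a shell check that the local `openssl` enforces the invariant described above, namely that a certificate without CA:TRUE cannot act as an issuer. The subject names, file names and the function name are assumptions, the PKI is constructed for the test, and this plain three-certificate chain does not reproduce the specific trigger for CVE-2015-1793.

```shell
#!/bin/sh
# Constructed test PKI: root (CA:TRUE) -> leaf (CA:FALSE) -> forged (issued by leaf).
# Returns 0 if openssl rejects "forged", 1 if it accepts it, 2 on setup failure.
non_ca_issuer_rejected() {
  d=$(mktemp -d) || return 2
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = Constructed
[v3_root]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = critical,CA:FALSE
EOF
  (
    cd "$d" || exit 2
    # Self-signed root that is allowed to issue certificates.
    openssl req -x509 -newkey rsa:2048 -nodes -config pki.cnf -extensions v3_root \
      -subj "/CN=Constructed Root" -keyout root.key -out root.pem -days 2 || exit 2
    # End-entity certificate issued by the root, explicitly CA:FALSE.
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
      -subj "/CN=Constructed Leaf" -keyout leaf.key -out leaf.csr || exit 2
    openssl x509 -req -in leaf.csr -CA root.pem -CAkey root.key -set_serial 2 \
      -extfile pki.cnf -extensions v3_leaf -out leaf.pem -days 2 || exit 2
    # Certificate signed with the leaf's key: the non-CA acting as an issuer.
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
      -subj "/CN=Constructed Forged" -keyout forged.key -out forged.csr || exit 2
    openssl x509 -req -in forged.csr -CA leaf.pem -CAkey leaf.key -set_serial 3 \
      -extfile pki.cnf -extensions v3_leaf -out forged.pem -days 2 || exit 2
    # Sanity check: the legitimate leaf must verify against the root.
    openssl verify -CAfile root.pem leaf.pem | grep -q ': OK$' || exit 2
    # The forged certificate must not verify, even with the leaf offered
    # as an untrusted intermediate. Match on output, not on exit status.
    if openssl verify -CAfile root.pem -untrusted leaf.pem forged.pem 2>&1 |
        grep -q ': OK$'; then
      exit 1
    fi
    exit 0
  ) >/dev/null 2>&1
  rc=$?
  rm -rf "$d"
  return "$rc"
}
```

Call `non_ca_issuer_rejected` and check its exit status; a return of 1 means the installed `openssl` accepted a certificate issued by a non-CA.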


