[openssl-users] OpenSSL 1.0.2d X509_verify_cert function does not work as used to with chain of certificates
Viktor Dukhovni
openssl-users at dukhovni.org
Sun Nov 15 19:56:10 UTC 2015
On Sun, Nov 15, 2015 at 07:00:06PM +0530, Jayalakshmi bhat wrote:
> In earlier version of OpenSSL (i.e OpenSSL 1.0.1c) X509_verify_cert had a
> check * if (params->trust >0)* before invoking check_trust function.
The OpenSSL source code is available via git:
https://github.com/openssl/openssl.git
The branch containing 1.0.2c and 1.0.2d is "OpenSSL_1_0_2-stable".
Can you point to the commit that makes the change in question?
> This has been removed in OpenSSL 1.0.2d. Does it mean applications are
> expected to set the X509_VERIFY_PARAM properly?
I don't see any changes that match your description.
--
Viktor.
More information about the openssl-users
mailing list