[openssl-users] Why wasn't the fix for IP name restrictions included in 1.0.2 ?
Jakob Bohm
jb-openssl at wisemo.com
Thu Sep 14 21:03:39 UTC 2017
Way back in May 2014, there was a patch by Matt Casswell to not
incorrectly reject all certificate chains with IP address name
constraints and actual IP address names
(dd36fce023a64d90058b8fefbd95dadaca98f9ca).
However for some unknown reason, this was not included in 1.0.2
which thus still rejects all such certificate chains.
Why?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list