[openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Tue Dec 4 23:19:53 UTC 2018
> "Provided chain ends with unknown self-signed certificate".
I like this.
IMHO "unrecognized" would be more confusing.
I hope the team makes up their mind quickly.
On 12/4/18, 6:17 PM, "openssl-users on behalf of Michael Wojcik" <openssl-users-bounces at openssl.org on behalf of Michael.Wojcik at microfocus.com> wrote:
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Jakob Bohm via openssl-users
> Sent: Tuesday, December 04, 2018 08:15
> > Care to create a PR against the "master" branch? Something
> > along the lines of:
> >
> > "Provided chain ends with untrusted self-signed certificate"
> >
> > or better. Here "untrusted" might mean not trusted for the requested
> > purpose, but more precise is not always more clear.
> >
> Perhaps s/untrusted/unknown/ as in
>
> "Provided chain ends with unknown self-signed certificate".
Yes, that might be better. Or maybe "unrecognized". Of course there's scope for someone to misinterpret regardless of which term is used. I can suggest various alternatives in the PR and let the team decide.
> Or even better, two different error codes:
>
> - "Only self-signed end certificate provided"
>
> - "Provided chain ends with unknown root certificate"
>
> (Deciding which one keeps the old error code is left as
> an exercise).
I can raise that as a possibility too, in the PR. Obviously it's a bit more work than simply changing the existing text.
--
Michael Wojcik
Distinguished Engineer, Micro Focus