[openssl-users] Failed to access LDAP server when a valid certificate is at <hash>.1+
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Jan 8 23:57:22 UTC 2018
> On Jan 8, 2018, at 5:46 PM, Misaki Miyashita <misaki.miyashita at oracle.com> wrote:
>
> I would like to suggest the following fix so that a valid certificate at <hash>.x can be recognized during the cert validation even when <hash>.0 is linking to a bad/expired certificate. This may not be the most elegant solution, but it is a minimal change with low impact to the rest of the code.
The patch looks wrong to me. It seems to have a memory leak.
It is also not clear that with CApath all the certificates will
already be loaded, so the iterator may not find the desired
matching element.
> Could I possibly get a review on the change? and possibly be considered to be integrated to the upstream?
> (This is for the 1.0.1 branch)
The 1.0.1 branch is no longer supported.
--
Viktor.
More information about the openssl-users
mailing list