[openssl-users] TLS handshake certificate validation options

Tong tongwangchen at gmail.com
Mon Jul 16 15:18:57 UTC 2018


Dear openssl-users:

We have some old certificates that have ill-formed value for the
subjectAltName extension, causing the TLS handshake to fail.

Are there any options that can be configured to by-pass the parsing of the
subjectAltName extension (or all the x509v3 extensions) during TLS
handshake, without disabling the certificate validation all together?

Thanks for any suggestions.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180716/e021f645/attachment.html>


More information about the openssl-users mailing list