<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Q: Does OpenSSL's trust-list verification support trusting
multiple certificates with the same subject name and overlapping
validity periods?</p>
<p>In more detail:</p>
<p>We have customers who issue replacement certificates with the
same subject name and different validity periods. We'd like to be
able to straightforwardly add the new certificates to the trust
list and have them work, but seem to find that certificate
verification doesn't handle the case. (Mozilla NSS does seem to
handle it.)<br>
</p>
<pre class="moz-signature" cols="72">--
Jordan Brown, Oracle Solaris</pre>
</body>
</html>