[openssl-dev] [openssl.org #3621] Support legacy CA removal, ignore unnecessary intermediate CAs in SSL/TLS handshake by default

Matt Caswell via RT rt at openssl.org
Wed Feb 25 09:23:19 UTC 2015


Please see the following commits to master in relation to this issue:

da084a5ec6
15dba5be6a
25690b7f5f
fa7b01115b

The behaviour is now that openssl will attempt to build a trust chain as it did
previously. If that fails, it will then look to see if there is an alternative
chain that can be constructed that does succeed. This behaviour can be
suppressed using the X509_V_FLAG_NO_ALT_CHAINS flag - this will make openssl
behave as it does now.

Closing this ticket.

Matt
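
A simplified Python model of the fallback described in the message above, added here as an illustration; it is not OpenSSL code. The `Cert` fields, the helper functions and the sample certificates are constructed for this example, and the way the alternative chain is found (dropping trailing peer-supplied certificates and retrying against the trust store) is an assumption of the model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:                      # hypothetical stand-in for an X.509 certificate
    subject: str
    issuer: str
    key: str                     # id of the key this certificate carries
    signed_by: str               # id of the key that signed it

def find_issuer(cert, pool):
    """First certificate in pool whose name and key match cert's issuer."""
    return next((c for c in pool
                 if c.subject == cert.issuer and c.key == cert.signed_by), None)

def anchored(chain, trusted):
    """Complete chain with a trust-store certificate, or return None."""
    if chain[-1] in trusted:
        return chain
    root = find_issuer(chain[-1], trusted)
    return chain + [root] if root else None

def build_chain(leaf, untrusted, trusted, no_alt_chains=False):
    """Return the verified chain (leaf first) or None if none can be built."""
    chain = [leaf]
    # First attempt: follow the peer-supplied certificates as far as they go.
    while chain[-1].issuer != chain[-1].subject:
        nxt = find_issuer(chain[-1], [c for c in untrusted if c not in chain])
        if nxt is None:
            break
        chain.append(nxt)
    result = anchored(chain, trusted)
    if result or no_alt_chains:  # flag set: stop after the first attempt
        return result
    # Fallback: drop trailing peer-supplied certificates and retry the store.
    for cut in range(len(chain) - 1, 0, -1):
        result = anchored(chain[:cut], trusted)
        if result:
            return result
    return None

# Constructed scenario: the server still sends a cross-certificate that chains
# to "Legacy Root", which has been removed from the local trust store.
LEAF = Cert("www.example.test", "Intermediate CA", "kLeaf", "kInt")
INTER = Cert("Intermediate CA", "New Root", "kInt", "kNew")
CROSS = Cert("New Root", "Legacy Root", "kNew", "kLegacy")
NEW_ROOT = Cert("New Root", "New Root", "kNew", "kNew")

if __name__ == "__main__":
    sent = [INTER, CROSS]
    print(build_chain(LEAF, sent, [NEW_ROOT]))
    print(build_chain(LEAF, sent, [NEW_ROOT], no_alt_chains=True))
```

With the flag left at its default the model discards the unnecessary cross-certificate and anchors at the locally trusted root; with `no_alt_chains=True` the same input fails to verify.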


