[openssl-dev] [openssl.org #3637] [PATCH] x509: skip certs if in alternative cert chain
Matt Caswell via RT
rt at openssl.org
Wed Feb 25 09:25:37 UTC 2015
The patch I mentioned previously has now been applied to master in the
following commits:
da084a5ec6
15dba5be6a
25690b7f5f
fa7b01115b
The behaviour is now that openssl will attempt to build a trust chain as it did
previously. If that fails, it will then look to see if there is an alternative
chain that can be constructed that does succeed. This behaviour can be
suppressed using the X509_V_FLAG_NO_ALT_CHAINS flag - this will make openssl
behave as it does now.
Closing this ticket.
Matt
More information about the openssl-dev
mailing list