[openssl-dev] [openssl.org #3721] Patch for additional checking of self-signed certificates
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Mar 2 18:31:46 UTC 2015
On Fri, Feb 27, 2015 at 09:14:08PM +0100, Short, Todd via RT wrote:
> Hello OpenSSL Org:
>
> This is a change that Akamai has made to its implementation of OpenSSL.
>
> Version: master branch
> Description: Additional checking of self-signed certificates.
>
> Check that in matching issuer/subject certs, that a self-signed subject also has a self-signed issuer.
> Given that the subject certificate is self-signed, it means that the issuer and the subject are the same certificate. This change verifies that.
>
> Github link:
> https://github.com/akamai/openssl/commit/faff94b732472616828fe724e09053f134ebb88b
What motivates this proposed change? What issues did you run into
without it?
--
Viktor.
More information about the openssl-dev
mailing list