[openssl-dev] [openssl.org #3621] Support legacy CA removal, ignore unnecessary intermediate CAs in SSL/TLS handshake by default
Matt Caswell
matt at openssl.org
Mon Mar 16 18:22:07 UTC 2015
On 16/03/15 09:45, Kai Engert via RT wrote:
> Thank you very much for your work on this issue!
> In my testing so far, it works as requested.
>
> I noticed the code changes in x509_vfy.c apply fine on top of the 1.0.2
> stable branch, and the test suite succeeeds.
>
> Will you consider to add this enhancement in a feature release on the
> 1.0.2 branch?
Hi Kai
It is our policy to only add defect fixes to released branches. Only in
exceptional circumstances will we add a new feature (usually because of
some security issue). Therefore I think it is highly unlikely that this
will be included in any future 1.0.2 release, and there are no current
plans to do so.
Matt
More information about the openssl-dev
mailing list