[openssl-dev] [openssl.org #4644] bug: cert verification always examining entire chain
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Aug 9 02:08:37 UTC 2016
On Tue, Aug 09, 2016 at 01:45:24AM +0000, William M Edmonds via RT wrote:
> If I specify a CAfile that includes the leaf certificate and/or
> intermediate CA certificates, but not the root certificate, then
> verification fails.
As expected, unless you use the "-partial" flag in the command-line
utilities, or use the X509_VERIFY_PARAM_set_flags() to set the
X509_V_FLAG_PARTIAL_CHAIN flag when using the API.
This ticket should be closed.
--
Viktor.
More information about the openssl-dev
mailing list