[openssl-dev] [openssl.org #4644] bug: cert verification always examining entire chain
David Woodhouse
dwmw2 at infradead.org
Tue Aug 9 09:53:59 UTC 2016
On Tue, 2016-08-09 at 02:08 +0000, Viktor Dukhovni wrote:
> On Tue, Aug 09, 2016 at 01:45:24AM +0000, William M Edmonds via RT wrote:
>
> >
> > If I specify a CAfile that includes the leaf certificate and/or
> > intermediate CA certificates, but not the root certificate, then
> > verification fails.
>
> As expected, unless you use the "-partial" flag in the command-line
> utilities, or use the X509_VERIFY_PARAM_set_flags() to set the
> X509_V_FLAG_PARTIAL_CHAIN flag when using the API.
Is there an equivalent for 1.0.1?
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160809/1401309b/attachment.bin>
More information about the openssl-dev
mailing list