[openssl-dev] [openssl.org #4644] bug: cert verification always examining entire chain
William M Edmonds via RT
rt at openssl.org
Tue Aug 9 18:10:22 UTC 2016
Why do you have to trust root CAs? Why can't you trust at a lower level,
e.g. an intermediate CA or even a leaf certificate that is not a CA at all?
Allowing this should inject no security issue and in fact enhance security
by allowing you to be more restrictive in what you are willing to trust.
W. Matthew Edmonds
IBM Systems & Technology Group
Email: edmondsw at us.ibm.com
Phone: (919) 543-7538 / Tie-Line: 441-7538
From: Rich Salz via RT <rt at openssl.org>
To: William M Edmonds/Raleigh/IBM at IBMUS
Cc: openssl-dev at openssl.org
Date: 08/08/2016 09:47 PM
Subject: [openssl.org #4644] bug: cert verification always examining
entire chain
You have to create a trust store with the CA's that you trust.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4644
Please log in as guest with password guest if prompted
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4644
Please log in as guest with password guest if prompted
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160809/bd218d6f/attachment.gif>
More information about the openssl-dev
mailing list