[openssl-dev] [openssl.org #2768] Bug: internal_verify() hides errors from callbacks after X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
Alex Rousskov via RT
rt at openssl.org
Mon Feb 1 20:34:44 UTC 2016
On 02/01/2016 12:40 PM, Rich Salz via RT wrote:
> there does not seem to be anything for openssl to do here.
OpenSSL can do one of these two things (at least):
* Start reporting post-X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE errors
to callbacks [instead of hiding them].
* Adjust SSL_CTX_set_verify documentation to indicate that no errors are
reported to callbacks after X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
[instead of saying that all errors are reported].
> also the verify_chain code is changigng a lot in 1.1
I hope this problem will be taken into consideration during the rewrite.
Thank you,
Alex.
More information about the openssl-dev
mailing list