[openssl-dev] [openssl.org #2768] Bug: internal_verify() hides errors from callbacks after X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE

Alex Rousskov via RT rt at openssl.org
Mon Feb 1 23:38:49 UTC 2016


On 02/01/2016 02:32 PM, openssl-dev at openssl.org via RT wrote:

> Please be more explicit about what errors you feel were not reported.

One specific error mentioned during the previous discussion was "expired
certificate". This was ~four years ago, so my recollection may be
faulty, but I believe that was _not_ the only hidden error.

Back then, Stephen Henson semi-confirmed that some errors were hidden
[because they were considered meaningless], so I hope we did not
misdiagnose the issue. I do not know whether the code has changed since
then.


If you have not seen the previous discussion, you can see it at [1] but
there is probably a better/RT-specific place for that (which I do not
have access to).

[1]
http://openssl.6102.n7.nabble.com/openssl-org-2768-Bug-internal-verify-hides-errors-from-callbacks-after-X509-V-ERR-UNABLE-TO-VERIFY-LE-td34778.html


HTH,

Alex.



