[openssl-dev] [openssl.org #2768] Bug: internal_verify() hides errors from callbacks after X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE

Viktor Dukhovni via RT rt at openssl.org
Wed Feb 3 22:00:04 UTC 2016


> On Feb 3, 2016, at 4:18 PM, Daniel Kahn Gillmor via RT <rt at openssl.org> wrote:
> 
> if the cert at the top of the chain is self-signed, it's entirely
> reasonable to say that the expiration date is meaningful.  For example,
> I could distribute a certificate for a root authority which i intend to
> only be useful for 2 years.

That's expressly not the case here, as the certificate is not even self-issued,
let alone self-signed.

-- 
	Viktor.




More information about the openssl-dev mailing list