[openssl-dev] [openssl.org #4233] [bug][openssl verify] pre-valid certificate return code inconsistency
Zak Blacher via RT
rt at openssl.org
Wed Jan 13 18:58:14 UTC 2016
Hi folks,
I've found an inconsistency in the return status of 'openssl verify'. I've
attached a custom dummy ca, and an example certificate. This certificate is
valid for some date range in the future.
On my redhat machine (openssl 1.0.1e), running openssl verify will return a
status code of 2, but in osx (openssl 0.98zg), the return status is 0. In
both cases, I correctly see an error 9 in the function output.
The behavior of validating an expired certificate returns a status code of
0 on both systems.
-Zak
*Zak Blacher*
Software Engineer
Security Infrastructure
206.453.9955
zblacher at linkedin.com
linkedin.com/in/zakblacher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dates_+10y_to_+20y.pem
Type: application/x-x509-ca-cert
Size: 2078 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160113/76e17124/attachment-0002.crt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dummy-ca.crt
Type: application/x-x509-ca-cert
Size: 7581 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160113/76e17124/attachment-0003.crt>
-------------- next part --------------
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
More information about the openssl-dev
mailing list