[openssl-dev] [openssl.org #4580] "openssl verify -CAfile cacerts.pem cert.pem" fails if cacerts.pem is ordered in certain ways

Gábor STEFANIK via RT rt at openssl.org
Tue Jun 21 14:11:26 UTC 2016


Looks like I was wrong, the 2 internal certificates that reproduce the issue do in fact share the key (only a 3rd, even newer certificate has a different key). So, key reuse is an essential part of this problem - however, I can now reproduce it with a trust store containing no expired certificates.

Testcase coming soon, I got the OK from our IT department.


-----Original Message-----
> From: Salz, Rich via RT [mailto:rt at openssl.org]
> Sent: Tuesday, June 21, 2016 3:39 PM
> To: Gábor STEFANIK <Gabor.STEFANIK at nng.com>
> Cc: openssl-dev at openssl.org
> Subject: RE: [openssl-dev] [openssl.org #4580] "openssl verify -CAfile
> cacerts.pem cert.pem" fails if cacerts.pem is ordered in certain ways
>
> Yes, it should not crash.  But without more information it is hard/impossible
> to debug.
>
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4580
> Please log in as guest with password guest if prompted

