[openssl-dev] [openssl-users] Failed to access LDAP server when a valid certificate is at <hash>.1+

Benjamin Kaduk bkaduk at akamai.com
Tue Jan 9 14:20:29 UTC 2018


On 01/09/2018 12:53 AM, Misaki Miyashita wrote:
>
>
> On 01/ 8/18 04:46 PM, Misaki Miyashita wrote:
>> (switching the alias to openssl-dev at openssl.org)
>>
>> I would like to suggest the following fix so that a valid certificate
>> at <hash>.x can be recognized during the cert validation even when
>> <hash>.0 is linking to a bad/expired certificate.  This may not be
>> the most elegant solution, but it is a minimal change with low impact
>> to the rest of the code.
>>
>> Could I possibly get a review of the change, and could it possibly be
>> considered for integration upstream?
>> (This is for the 1.0.1 branch)
>
> Sorry, I meant to say it is for the 1.0.2 branch.
>

Except in exceptional circumstances, code only ends up in the 1.0.2
branch after having first gotten into the master branch and then the
1.1.0 branch.  The current release policy only allows bug fixes to be
backported to the stable branches, not new features. To me, this code
seems more like a new feature than a bugfix, though I do not claim to
speak authoritatively on the matter.

The preferred mechanism for submitting patches is as GitHub pull
requests (against the master branch, with a note in the pull request
message if the backport is desired).

-Ben

