[openssl-users] OpenSSL Security Advisory - CVE-2015-1793

R C Delgado rcdelgado05 at gmail.com
Fri Jul 10 18:34:30 UTC 2015


One further question. Can you please confirm that the alternative
certificate chain feature is enabled by default? It seems to be implied in
all emails regarding this matter, and I'm assuming the Advisory email would
have mentioned it otherwise.

I've searched the OpenSSL code and seen that X509_V_FLAG_NO_ALT_CHAINS
exists but is not set in the "flags" member by default when a new X509
context is initialised. And my code does not modify the context to include
this flag.

Please let me know if I'm missing something.

(I'm using OpenSSL 1.0.1o)

Many thanks,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150710/7c65b576/attachment.html>

More information about the openssl-users mailing list