[openssl-users] OpenSSL Security Advisory - CVE-2015-1793

Matt Caswell matt at openssl.org
Fri Jul 10 21:10:37 UTC 2015



On 10/07/15 19:34, R C Delgado wrote:
> Hello,
> 
> One further question. Can you please confirm that the alternative
> certificate chain feature is enabled by default? It seems to be implied
> in all emails regarding this matter, and I'm assuming the Advisory email
> would have mentioned it otherwise.

Yes, it is enabled by default.

Matt

> 
> I've searched the OpenSSL code and seen that X509_V_FLAG_NO_ALT_CHAINS
> exists but is not set in the "flags" member by default when a new X509
> context is initialised. And my code does not modify the context to
> include this flag. 
> 
> Please let me know if I'm missing something.
> 
> (I'm using OpenSSL 1.0.1o)
> 
> Many thanks,
> RCD
> 
> 
> 
> 
> 
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> 


More information about the openssl-users mailing list