[openssl-users] A self-signed CA certificate in the CA files *sometimes* stops verification working

Viktor Dukhovni openssl-users at dukhovni.org
Tue Sep 6 20:55:02 UTC 2016

On Tue, Sep 06, 2016 at 10:52:32PM +0200, Jakob Bohm wrote:

> Could this be related to the recent work to treat the list of
> certificates as a SET of potentially relevant certificates
> rather than as an ordered list of certificates that must form
> the trust chain?

No, just a violation of the PEM format.  PEM files are text
files so NUL bytes are not supported.

It so happens that leading NUL bytes don't work well as C strings,
and the PEM reader assumes that a zero length input line is
effectively EOF.


More information about the openssl-users mailing list