[openssl-users] Failed to access LDAP server when a valid certificate is at <hash>.1+
misaki.miyashita at oracle.com
Wed Oct 25 14:31:51 UTC 2017
Thanks for the reply, Viktor.
Is it possible to keep searching for a valid certificate if the first
matching certificate was not valid?
Our customer claims that the NSS Mozilla didn't have this issue, so this
is considered a regression for us.
On 10/21/2017 3:21 PM, Viktor Dukhovni wrote:
> On Oct 21, 2017, at 11:20 AM, Misaki Miyashita <misaki.miyashita at oracle.com> wrote:
>> We encountered a problem using OpenLDAP with OpenSSL when there was more than one certificate with the same subject.
>> Does OpenSSL stop searching for a valid certificate when it finds a certificate with matching DN?
> Yes, when a matching issuer is found in the trust store, but is expired,
> no alternative certificates will be tested. You need to remove outdated
> issuer certificates from your trust store before they expire.
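
Added example, not part of the original thread: a shell audit of a CApath directory for the situation described above, an expired certificate stored at a lower index than a still-valid one with the same hash. The function names and the eight-hex-digit `<hash>.N` file naming are assumptions of this example; `openssl x509 -checkend` is the stock CLI option.

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenSSL CApath directory for
# expired certificates that sit in front of a valid one with the same hash,
# e.g. <hash>.0 expired while <hash>.1 is still valid.

# Exit status: 0 = expired, 1 = still valid, 2 = not a readable certificate.
cert_is_expired() {
    openssl x509 -noout -in "$1" >/dev/null 2>&1 || return 2
    # -checkend 0 fails when the certificate is already past notAfter.
    ! openssl x509 -checkend 0 -noout -in "$1" >/dev/null 2>&1
}

# Prints "<expired file> shadows <valid file>" for each problem found.
# Returns 1 if anything was printed, 0 if the directory is clean.
find_shadowed_cas() {
    dir=$1
    found=0
    for first in "$dir"/*.0; do
        [ -f "$first" ] || continue
        hash=$(basename "$first" .0)
        # Only c_rehash-style names: exactly eight lowercase hex digits.
        case $hash in *[!0-9a-f]*) continue ;; esac
        [ "${#hash}" -eq 8 ] || continue
        expired_seen=""
        n=0
        # Walk .0, .1, ... in order and stop at the first gap in numbering.
        while [ -f "$dir/$hash.$n" ]; do
            f="$dir/$hash.$n"
            rc=0
            cert_is_expired "$f" || rc=$?
            if [ "$rc" -eq 0 ] && [ -z "$expired_seen" ]; then
                expired_seen=$f
            elif [ "$rc" -eq 1 ] && [ -n "$expired_seen" ]; then
                echo "$expired_seen shadows $f"
                found=1
            fi
            n=$((n + 1))
        done
    done
    return "$found"
}

# Usage: sh audit_capath.sh /path/to/capath   (path is a placeholder)
if [ $# -gt 0 ]; then
    find_shadowed_cas "$1"
fi
```

Each reported pair names the expired file to remove from the trust store; the directory then needs to be rehashed so the numbering has no gap.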