[openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath
Michael.Wojcik at microfocus.com
Mon Dec 3 15:22:20 UTC 2018
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Viktor Dukhovni
> Sent: Saturday, December 01, 2018 13:53
> On Sat, Dec 01, 2018 at 07:12:24PM +0000, Michael Wojcik wrote:
> > > Are there compatibility concerns around changing error message
> > > text for which users may have created regex patterns in scripts?
> > >
> > > I agree the text could be better, but not sure in what releases
> > > if any to change the text, since the change may cause issues
> > > for some users.
> > Sure, this is always a concern. Maybe the change could be considered for
> > OpenSSL 3.0, since that's a major release.
> Care to create a PR against the "master" branch? Something
> along the lines of:
> "Provided chain ends with untrusted self-signed certificate"
> or better. Here "untrusted" might mean not trusted for the requested
> purpose, but more precise is not always more clear.
I should be able to do that. (My OpenSSL contributor paperwork is still in progress, but since this PR wouldn't include any actual code, I don't think I need to wait for that.)
May be a few days before I get a chance to do it.
Distinguished Engineer, Micro Focus
More information about the openssl-users