Message191352
As expected it is much harder to get the full certification chain from OpenSSL than I initially expected. SSL_get_peer_cert_chain() doesn't return the root CA's certificate. The new patch introduces a validation mode and uses X509_verify_cert(*X509_STORE_CTX) + X509_STORE_CTX_get1_chain() to build a full chain. |
|
Date |
User |
Action |
Args |
2013-06-17 18:07:25 | christian.heimes | set | recipients:
+ christian.heimes |
2013-06-17 18:07:25 | christian.heimes | set | messageid: <1371492445.72.0.758102030613.issue18233@psf.upfronthosting.co.za> |
2013-06-17 18:07:25 | christian.heimes | link | issue18233 messages |
2013-06-17 18:07:25 | christian.heimes | create | |
|