Am 2016-04-26 um 16:04 schrieb Stuart Henderson:
www.elstel.org.pem contains the following:
And this is certificate 0 from the chain; CN=elstel.org issued by
GeoTrust's "Secure Site Starter DV SSL CA - G2". So this one should
already be accepted, and shouldn't need any additional flag to do
so, except it's not working because you're running into this problem:
http://article.gmane.org/gmane.os.openbsd.tech/47048
Yes; that report is similar; as soon as any intermediate or leave
cert is known there should at least be a switch to accept that cert even
if the given root cert is missing. Basically it should be possible to
accept such a cert by default as well?
There is good reason to disable certain root certs as many rogue
certs issued for intelligence services are known to be circulating.
When will that bug be fixed for the ftp program?
