Hi Jakub, > -----Original Message----- > From: jakub....@gmail.com [mailto:jakub....@gmail.com] On Behalf Of Jakub > Zelenka > Sent: Thursday, March 23, 2017 9:19 PM > To: Anatol Belski <a...@php.net> > Cc: PHP internals list <internals@lists.php.net> > Subject: Re: OpenSSL 1.1 test keys >
> Yep I have been looking a little bit and it really seems that it is about the > CA cert > and OpenSSL 1.1 is a bit more strict about verification of it. IIRC it was > failing on > extension part when I was quickly debugging it. When I check purpose using > > $ openssl x509 -in sni_server_ca.pem -purpose > > then it is visible that the cert is not a server CA which should probably be > but not > sure if that's the reason. I think we will need to use a different cert for > that test. > I have got it on my todo list so hopefully will add something more sensible > that > works soon unless you want to do it. Until then skip is fine ;) > Thanks for the confirmation. Linking Daniel as well as the patch author. I'd prefer you guys to care about the new test data, probably the most reliable way to do it :) Thanks Anatol
