[EMAIL PROTECTED] said:
> OpenSSLs behaviour is correct.
>
> A standard property of certificates is that the issuer name and serial
> number must be unique.
>
> The Authority Key Identifier extension is used as a means of uniquely
> identifying the issuing authority. One way it does this is to use the
> issuer name and serial number of the issuing authority.
You are completely right. Everything was caused by a misunderstanding of
the procedures for validating the certificate chains. We are planning to
join a new certification hierarchy and were not sure of the steps we
had to to take in order to get the new and the old hierarchies working
in parallel.
When we detected that the routine was making a test that seemed
anti-intuitive, we thought it was a bug.
Thanks a lot for your time and your help,
--
"Esta vez no fallaremos, Doctor Infierno"
Diego R. Lopez
[EMAIL PROTECTED]
RedIRIS
The Spanish NREN
Tl: +34 955 056 621
-----------------------------------------
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
