Richard Levitte - VMS Whacker wrote:I am certainly not an expert, but I thought the bendingIn message <[EMAIL PROTECTED]> on Thu, 6 May 2004 08:24:57 -0400, "Erik Tkal" <[EMAIL PROTECTED]> said:etssl> Can anyone answer this? How do I tell if this is a known etssl> problem with OpenSSL or if the RFC is incorrect, or if this is etssl> just a accepted deviation? I can't really say, as that's not my forte in OpenSSL, so what I say is just a guess. There are several places in OpenSSL (some ASN.1 stuff among others, IIRC) where the standards aren't entirely followed to the letter (you could say that the standards have been expanded a little bit, to be kind), so as not to break with some other software (I think Microsoft is often mentioned at this point...) that deviates from standards a little bit. My guess is that this possibility to generate an empty list of ceritificate requests may be that kind of deviation. I would love it if those in the team that really know the SSL parts could give an accurate response... of the rules was on the side of accepting things that were not standard; not generating things which were not standard. At least anything that would result in generating non-standard output should have a SSL_OP flag associated with it. What code is being executed that is causing the zero length CA list? |
smime.p7s
Description: S/MIME Cryptographic Signature
