Got a question: It seems that OpenSSL allows the cert chain to be any
number of certificates which it then treats as a pool to build the cert
chain from whereas RFC 2246 says the certificate chains must be ordered
and no redundant certs are allowed (+/- CA cert):

"The sender's certificate must come first in the list. Each following
certificate must directly certify the one preceding it."

Is this a result of weird implementations or just an implementation
artifact? If it is just an artifact, would a patch to tighten up the
checking be welcomed?

/Sam

-- 
Sam Meder <[EMAIL PROTECTED]>
The Globus Alliance - University of Chicago
630-252-1752


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
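
The difference the message asks about, as an added example that is not part of the original post or of OpenSSL: a strict check of the quoted RFC 2246 ordering rule next to pool-style path building. Assumptions: certificates are reduced to subject and issuer names, name matching stands in for signature verification, and all names and sample certificates are constructed.

```python
from dataclasses import dataclass

# Simplified model (assumption): a certificate is reduced to its subject and
# issuer names, and "B certifies A" means A.issuer == B.subject. A real check
# would also verify the signature on A with B's public key.
@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str

def strict_rfc2246_order(chain):
    """Return (ok, reason) for the ordering rule quoted from RFC 2246."""
    if not chain:
        return False, "empty chain"
    seen = set()
    for i, cert in enumerate(chain):
        if cert in seen:
            return False, f"position {i}: redundant certificate {cert.subject}"
        seen.add(cert)
        if i > 0 and chain[i - 1].issuer != cert.subject:
            return False, (f"position {i}: {cert.subject} does not certify "
                           f"{chain[i - 1].subject}")
    return True, "ordered"

def build_from_pool(leaf, pool):
    """Pool-style building: pick issuers from an unordered set, ignore extras."""
    by_subject = {c.subject: c for c in pool}
    path, current = [leaf], leaf
    while current.issuer != current.subject:       # stop at a self-signed cert
        nxt = by_subject.get(current.issuer)
        if nxt is None or nxt in path:             # missing issuer or a loop
            break
        path.append(nxt)
        current = nxt
    unused = [c for c in pool if c not in path]
    return path, unused

# Constructed sample certificates (names are made up for this example).
LEAF = Cert("CN=server", "CN=Intermediate")
INTER = Cert("CN=Intermediate", "CN=Root")
ROOT = Cert("CN=Root", "CN=Root")
STRAY = Cert("CN=Unrelated", "CN=Other Root")

ORDERED = [LEAF, INTER, ROOT]
SHUFFLED = [LEAF, ROOT, STRAY, INTER]   # leaf first, rest unordered plus an extra
```

The shuffled list fails the strict check at position 1, while pool-style building recovers the same path as the ordered list and reports the unrelated certificate as unused.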
