Got a question: It seems that OpenSSL allows the cert chain to be any number of certificates, which it then treats as a pool to build the cert chain from, whereas RFC 2246 says the certificate chains must be ordered and no redundant certs are allowed (+/- CA cert):

"The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it."

Is this a result of weird implementations or just an implementation artifact? If it is just an artifact, would a patch to tighten up the checking be welcomed?

/Sam

--
Sam Meder <[EMAIL PROTECTED]>
The Globus Alliance - University of Chicago
630-252-1752
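The two behaviours the message contrasts, as an added example that is not part of the original post and is not OpenSSL code: a strict check of the RFC 2246 ordering rule next to pool-style path building. It assumes a simplified model in which certificates are matched by subject and issuer name only, with no signature verification; the `Cert` type, function names and sample names are hypothetical.

```python
from typing import NamedTuple

class Cert(NamedTuple):
    subject: str   # name the certificate was issued to
    issuer: str    # name of the signer (equal to subject when self-signed)

def strict_order_errors(chain):
    """Check the RFC 2246 rule quoted above on a received certificate list.

    The sender's certificate is chain[0]; each following certificate must
    directly certify the one before it. Nothing may follow a self-signed
    certificate. Assumption: name matching only, no signature check.
    """
    if not chain:
        return ["empty certificate list"]
    errors = []
    for i in range(1, len(chain)):
        prev, cur = chain[i - 1], chain[i]
        if prev.subject == prev.issuer:
            errors.append(f"cert {i}: redundant, follows self-signed {prev.subject!r}")
        elif cur.subject != prev.issuer:
            errors.append(f"cert {i}: {cur.subject!r} does not certify "
                          f"{prev.subject!r} (issuer {prev.issuer!r})")
    return errors

def build_from_pool(leaf, pool):
    """Pool-style building: ignore order, pick each issuer out of the pool."""
    by_subject = {c.subject: c for c in pool}
    path, seen = [leaf], {leaf.subject}
    while path[-1].issuer != path[-1].subject:
        nxt = by_subject.get(path[-1].issuer)
        if nxt is None or nxt.subject in seen:   # issuer missing, or a loop
            break
        path.append(nxt)
        seen.add(nxt.subject)
    return path

# Constructed sample certificates (names are made up for this example).
LEAF = Cert("CN=server.example", "CN=Example Intermediate")
INTER = Cert("CN=Example Intermediate", "CN=Example Root")
ROOT = Cert("CN=Example Root", "CN=Example Root")
EXTRA = Cert("CN=Unrelated", "CN=Other CA")

if __name__ == "__main__":
    for name, chain in [("ordered", [LEAF, INTER, ROOT]),
                        ("shuffled", [LEAF, ROOT, INTER]),
                        ("redundant", [LEAF, INTER, EXTRA])]:
        print(name, strict_order_errors(chain) or "ok")
    print([c.subject for c in build_from_pool(LEAF, [EXTRA, ROOT, INTER])])
```

The shuffled and redundant lists are rejected by the strict check, while the pool builder still recovers a leaf-to-root path from the same certificates, which is the gap the question is about.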