On Thursday 20 January 2005 13:03, Samuel Meder wrote:
> Got a question: It seems that OpenSSL allows the cert chain to be any
> number of certificates which it then treats as a pool to build the cert
> chain from whereas RFC 2246 says the certificate chains must be ordered
> and no redundant certs are allowed (+/- CA cert):

I'm not sure I understand this - are you saying you've found a way to get
OpenSSL to create a chain that contains the same CA cert more than once?

> "The sender's certificate must come first in the list. Each following
> certificate must directly certify the one preceding it."
>
> Is this a result of weird implementations or just an implementation
> artifact? If it is just an artifact, would a patch to tighten up the
> checking be welcomed?
>
> /Sam

What would the patch tighten up?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
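
Added example, not part of the original thread and not OpenSSL's code: a name-only model that contrasts the strict RFC 2246 ordering rule quoted above with the pool-style chain building the question describes. `Cert`, the function names and the sample certificates are constructed assumptions; the sketch compares subject and issuer names only and does not verify signatures, validity periods or extensions.

```python
from collections import namedtuple

# Constructed stand-in for a certificate: names only, no keys or signatures.
Cert = namedtuple("Cert", "subject issuer")

def strict_order_violations(chain):
    """Check a certificate_list against the RFC 2246 wording: sender's cert
    first, each following cert certifies the one before it, no redundancy."""
    problems, seen = [], set()
    for i, cert in enumerate(chain):
        if cert in seen:
            problems.append(f"cert {i} ({cert.subject}) is redundant")
        seen.add(cert)
        if i > 0 and chain[i - 1].issuer != cert.subject:
            problems.append(f"cert {i} ({cert.subject}) does not certify "
                            f"cert {i - 1} ({chain[i - 1].subject})")
    return problems

def build_from_pool(leaf, pool, trusted_roots):
    """Simplified pool model: follow issuer names and ignore list order.
    Returns the path from leaf up to a cert issued by a trusted root."""
    by_subject = {c.subject: c for c in pool}
    path, current = [leaf], leaf
    while current.issuer not in trusted_roots:
        nxt = by_subject.get(current.issuer)
        if nxt is None or nxt in path:
            return None  # issuer missing from the pool, or a naming loop
        path.append(nxt)
        current = nxt
    return path

# Constructed sample data.
LEAF = Cert("CN=www.example.test", "CN=Intermediate CA")
INTER = Cert("CN=Intermediate CA", "CN=Root CA")
UNRELATED = Cert("CN=Unrelated CA", "CN=Unrelated CA")
TRUSTED = {"CN=Root CA"}

ORDERED = [LEAF, INTER]                      # conforms to the RFC wording
SHUFFLED = [LEAF, UNRELATED, INTER, INTER]   # extra and duplicate certs

if __name__ == "__main__":
    for name, chain in (("ordered", ORDERED), ("shuffled", SHUFFLED)):
        print(name, "strict violations:", strict_order_violations(chain))
        path = build_from_pool(chain[0], chain[1:], TRUSTED)
        print(name, "pool path:", [c.subject for c in path])
```

Both lists yield the same path under the pool model, while only the first passes the strict check, which is the gap a tightening patch would close.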