In message <[EMAIL PROTECTED]> on Thu, 20 Jan 2005 12:03:13 -0600, Samuel Meder 
<[EMAIL PROTECTED]> said:

meder> Got a question: It seems that OpenSSL allows the cert chain to
meder> be any number of certificates which it then treats as a pool to
meder> build the cert chain from whereas RFC 2246 says the certificate
meder> chains must be ordered and no redundant certs are allowed (+/-
meder> CA cert):
meder> 
meder> "The sender's certificate must come first in the list. Each
meder> following certificate must directly certify the one preceding
meder> it."

Yes?  Does OpenSSL fail to accept a list of certificates ordered that
way?  Does OpenSSL fail to send a list of certificates in that manner?
After all, RFC 2246 is about the bytes sent and received, nothing
else.  It doesn't care about the internal sorting in the software
doing the sending and the receiving.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte                         [EMAIL PROTECTED]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
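
The distinction discussed in this thread, shown as an added example that is not part of the original messages and is not OpenSSL's code: a strict RFC 2246 wire-order check next to the pool-style path building described in the quoted question. Certificates are modelled as subject/issuer name pairs (constructed sample data, name chaining only, no signature verification), and all function names are hypothetical.

```python
from typing import NamedTuple, Optional


class Cert(NamedTuple):
    """Simplified certificate: names only, no keys or signatures (assumption)."""
    subject: str
    issuer: str


def wire_order_ok(chain: list[Cert]) -> bool:
    """RFC 2246 ordering: chain[0] is the sender's certificate and every
    following certificate is the issuer of the one preceding it."""
    if not chain or len(set(chain)) != len(chain):  # empty or redundant certs
        return False
    return all(prev.issuer == nxt.subject for prev, nxt in zip(chain, chain[1:]))


def build_from_pool(leaf: Cert, pool: list[Cert],
                    max_depth: int = 10) -> Optional[list[Cert]]:
    """Pool-style building: start at the leaf and look up each issuer in the
    pool regardless of position. Stops at a self-signed certificate or when no
    issuer is present (the trust anchor may live in a local store).
    Returns None on a loop or when max_depth is exceeded."""
    by_subject = {c.subject: c for c in pool}
    path = [leaf]
    while path[-1].issuer != path[-1].subject:
        nxt = by_subject.get(path[-1].issuer)
        if nxt is None:
            break
        if nxt in path or len(path) >= max_depth:
            return None
        path.append(nxt)
    return path


# Constructed sample certificates
LEAF = Cert("CN=server.example", "CN=Example Intermediate CA")
INTER = Cert("CN=Example Intermediate CA", "CN=Example Root CA")
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")
EXTRA = Cert("CN=Unrelated CA", "CN=Unrelated CA")

ORDERED = [LEAF, INTER, ROOT]          # what RFC 2246 expects on the wire
SHUFFLED = [LEAF, ROOT, EXTRA, INTER]  # misordered, with a redundant cert

if __name__ == "__main__":
    for name, msg in (("ordered", ORDERED), ("shuffled", SHUFFLED)):
        path = build_from_pool(msg[0], msg[1:])
        print(name, "wire order ok:", wire_order_ok(msg),
              "| built path:", [c.subject for c in path or []])
```

A lenient receiver recovers the same path from both messages, while only the first one satisfies the ordering rule for the bytes on the wire.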
