On Thursday 20 January 2005 15:27, Samuel Meder wrote:
> On Thu, 2005-01-20 at 15:16 -0500, Rich Salz wrote:
> > > My point is that OpenSSL does work even if the list of certificates
> > > does not comply to RFC2246 ... which seems bad to me

-<snipped>-

> If you feel that tightening up is not worth the risk that is fine. We'll
> either just carry a patch or ignore the problem. I really just wanted to
> gauge the situation.

Could your patch be controlled by an option to the SSL or SSL_CTX object?  
That way we can go forward with stricter checking in the future, and the 
possibility of turning off the checking easily at the application level if 
bug-for-bug compatibility dictates.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
