[openssl.org #1778] default maximum chain length considered too low

Maarten Litmaath via RT Thu, 06 Nov 2008 01:16:28 -0800

Dear OpenSSL developers,
on August 14 I posted this matter to the developer list.  There has
been no response.  Please include this issue in the bug tracker.


Various grid projects have run into the default maximum chain length
of 9 being too low.  These bug reports show examples:

    http://bugzilla.globus.org/globus/show_bug.cgi?id=4994

    https://savannah.cern.ch/bugs/index.php?37563

The functions SSL_CTX_set_verify_depth() and SSL_set_verify_depth()
allow the maximum length to be increased, but this means that every
application or library around OpenSSL needs to make such calls.
Why not increase the default, say, to 100 instead, as Globus did?
Thanks,
        Maarten (CERN/LCG/EGEE)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

[openssl.org #1778] default maximum chain length considered too low

Reply via email to