>With update version i confirm that regression test of a software now >pass with OpenSSL HEAD version.
> >I still have problem with HEAD regarding check if is for self signed. >This case is not in openssl regression tests ans cannot be reproduced >with openssl command line. Case is when callback function return >true(ok) for when error is X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT for >certificate that is not is trusted store. Later in code function >check_trust() will return X509_TRUST_UNTRUSTED and check with comment /* >If not explicitly trusted then indicate error */ will call again >callback function with different error code. This functionality is not >same as 1.0.0x. > >Roumen Roumen I am not sure that I fully understand what should change in X509_verify_cert(). Should the X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT error instead be simply a X509_TRUST_UNTRUSTED error to force early failure? Alternatively should the check_trust() step be skipped for the special case of an X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT error. May I please ask you to lead me step by step through the correct operation in 1.0.0x and the incorrect operation in HEAD Best Regards Nick The details of this company are as follows: G4S Technology Limited, Registered Office: Challenge House, International Drive, Tewkesbury, Gloucestershire GL20 8UQ, Registered in England No. 2382338. This communication may contain information which is confidential, personal and/or privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please note that any distribution, forwarding, copying or use of this communication or the information in it is strictly prohibited. Any personal views expressed in this e-mail are those of the individual sender and the company does not endorse or accept responsibility for them. Prior to taking any action based upon this e-mail message, you should seek appropriate confirmation of its authenticity. This e-mail has been scanned for all viruses by MessageLabs. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
