On Sat May 17 07:31:10 2014, j...@sk.ee wrote:
>
> We found a bug in openssl CA certificate loading. This is an important bug for us in
> Estonia ( http://id.ee/?lang=en <http://id.ee/?lang=en&id> &id= ) because we
> use openssl as the base library in digital signature verification. In the digital
> signature world it is normal that you want to verify signatures when CA
> certificates are expired.
>
I've just added an experimental fix for this to the master branch. See:

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6c21b860ba8f0de64c6e96972ef3c728728d01a0
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0930251df814f3993bf2c598761e0c7c6d0d62a2

It should now use a valid certificate in preference to an expired one.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
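
Added example (not part of the original thread and not OpenSSL's code): a simplified Python model of the behaviour described in the reply, where an issuer lookup prefers a currently valid CA certificate over an expired one with the same subject. The `CACert` type, the function names, the explicit `when` parameter and the sample store are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Sequence


@dataclass(frozen=True)
class CACert:
    """Stand-in for a trust-store entry (constructed model, not an OpenSSL type)."""
    subject: str
    not_before: datetime
    not_after: datetime
    label: str

    def valid_at(self, when: datetime) -> bool:
        return self.not_before <= when <= self.not_after


def first_match(store: Sequence[CACert], issuer: str) -> Optional[CACert]:
    """Name-only lookup: returns whichever same-named certificate comes first."""
    return next((c for c in store if c.subject == issuer), None)


def prefer_valid(store: Sequence[CACert], issuer: str,
                 when: datetime) -> Optional[CACert]:
    """Return a same-named certificate valid at `when` if one exists.

    If every candidate is outside its validity period, fall back to the first
    name match so the caller can report "expired" rather than "issuer not found".
    """
    candidates = [c for c in store if c.subject == issuer]
    for cert in candidates:
        if cert.valid_at(when):
            return cert
    return candidates[0] if candidates else None


def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample: an expired CA certificate and its renewal share one subject.
NAME = "CN=Example Root CA"
STORE = [
    CACert(NAME, utc(2004, 1, 1), utc(2014, 1, 1), "old"),
    CACert(NAME, utc(2013, 6, 1), utc(2023, 6, 1), "renewed"),
]

if __name__ == "__main__":
    check_time = utc(2014, 5, 17)
    print("name-only lookup:", first_match(STORE, NAME).label)
    print("valid preferred: ", prefer_valid(STORE, NAME, check_time).label)
```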