On Tue Feb 02 01:44:47 2016, openssl-dev@openssl.org wrote: > On Mon, Feb 01, 2016 at 07:18:04PM +0000, Rich Salz via RT wrote: > > > This is reported against 0.9.x; please open a new ticket if still a > > problem > > with current releases. > > The same behaviour is present in all releases including master. > I don't see any code in OpenSSL that imposes any constraints on > the subject names of proxy certificates. > > If strict adherence to the rules in RFC3820 is important for security > (I don't where proxy certs are used and what real semantics > applications expect), then this issue remains to be addressed. > > Perhaps reopen this one.
This has now been fixed in master, along with a pc pathlength checking bug fix. The backport to 1.0.2 (and possibly 1.0.1) is still pending review. Cheers, Richard -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1852 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev