Hi, It seems that having the same key isn't actually a prerequisite, I actually have a pair of certificates in hand with the same issuer but different keys that reproduce this order-dependent behavior. (I'm currently in talks with our IT department for clearance to submit these certs as a testcase, since they are currently internal-use only.)
Also, we certainly shouldn't _crash_ even with duplicate keys. (Just checked, the nonidentical-key certificate pair above also reproduces the crash on win32.) > -------------------------------------------------------------------------- This message, including its attachments, is confidential. For more information please read NNG's email policy here: http://www.nng.com/emailpolicy/ By responding to this email you accept the email policy. -----Original Message----- > From: Salz, Rich via RT [mailto:[email protected]] > Sent: Tuesday, June 21, 2016 3:24 PM > To: Gábor STEFANIK <[email protected]> > Cc: [email protected] > Subject: RE: [openssl-dev] [openssl.org #4580] "openssl verify -CAfile > cacerts.pem cert.pem" fails if cacerts.pem is ordered in certain ways > > Having a mix of experied and unexpired certificates in the trust store for the > same issuer/key seems to be undefined. I am not sure this is a bug. > > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4580 > Please log in as guest with password guest if prompted -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4580 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
