Why do you have to trust root CAs? Why can't you trust at a lower level, e.g. an intermediate CA or even a leaf certificate that is not a CA at all? Allowing this should inject no security issue and in fact enhance security by allowing you to be more restrictive in what you are willing to trust.
W. Matthew Edmonds
IBM Systems & Technology Group
Email: edmon...@us.ibm.com
Phone: (919) 543-7538 / Tie-Line: 441-7538

From: Rich Salz via RT <r...@openssl.org>
To: William M Edmonds/Raleigh/IBM@IBMUS
Cc: openssl-dev@openssl.org
Date: 08/08/2016 09:47 PM
Subject: [openssl.org #4644] bug: cert verification always examining entire chain

You have to create a trust store with the CA's that you trust.

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4644
Please log in as guest with password guest if prompted
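The behaviour discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL project code: `openssl verify` run with only an intermediate, or only the leaf, supplied as the trust store, with and without the `-partial_chain` option (available since OpenSSL 1.0.2). The three-level PKI, file names and subject names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed three-level PKI (root -> intermediate -> leaf); all names are made up.
build_pki() {
  d=$1
  printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' '[v3_ca]' \
    'basicConstraints=critical,CA:TRUE' 'keyUsage=critical,keyCertSign' > "$d/cfg"
  # Self-signed root CA
  openssl req -x509 -config "$d/cfg" -extensions v3_ca -newkey rsa:2048 -nodes \
    -days 2 -subj "/CN=Example Root" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Intermediate CA, issued by the root
  openssl req -new -config "$d/cfg" -newkey rsa:2048 -nodes \
    -subj "/CN=Example Intermediate" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/cfg" -extensions v3_ca -out "$d/int.pem" 2>/dev/null
  # End-entity (leaf) certificate, issued by the intermediate
  openssl req -new -config "$d/cfg" -newkey rsa:2048 -nodes \
    -subj "/CN=leaf.example" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# verify_leaf DIR TRUSTFILE [flags]: verify leaf.pem with TRUSTFILE passed as
# -CAfile; returns the exit status of `openssl verify`.
verify_leaf() {
  d=$1; trust=$2; shift 2
  openssl verify "$@" -CAfile "$d/$trust" "$d/leaf.pem" >/dev/null 2>&1
}

PKI=$(mktemp -d) && build_pki "$PKI"
trap 'rm -rf "$PKI"' EXIT
for args in "int.pem" "int.pem -partial_chain" "leaf.pem" "leaf.pem -partial_chain"; do
  # $args is left unquoted on purpose so the optional flag becomes its own word
  if verify_leaf "$PKI" $args; then echo "trust store = $args: OK"
  else echo "trust store = $args: verification failed"; fi
done
```

Applications linking against libcrypto get the same behaviour by setting `X509_V_FLAG_PARTIAL_CHAIN` on the verification parameters.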