Thanks for quick response and explanations! You are right, the second certificate in the chain did not have CA ext flag set and 0.9.8 did not like it while 0.9.6/0.9.7 ignore this problem. Very strange that I missed this till now :(
Thanks again, Aleksey ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]