On Tue, Feb 14, 2012, Timothy Kay wrote: > Erik, > > Thanks for the pointer. It's very helpful. > > HOWEVER, I can give you dozens of different sites that do it wrong, yet > they all work in the browsers. Clearly that particular part of the spec is > no longer relevant, and openssl should be updated. It's not a complicated > fix, after all. > > What's the mechanism for suggesting this enhancement? >
This *should* work in OpenSSL as it doesn't assume the certificate chain is in order other than the initial one being the server certificate. If the chain is incomplete it wont work though. I'll check the examples you gave. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org