Hi, I am dealing with a CA certificate bundle, similar to this one: https://github.com/twitter/secureheaders/blob/master/config/curl-ca-bundle.crt, like the example, the one I am dealing with was automatically generated from mozilla's certdata.txt.
Consider the certificate labelled "Bogus live.com". Now I know from some searching that this certificate is intended to block a bad certificate, but I don't know how this works in an openssl cert bundle. I am concerned that perhaps the conversion from the format used by mozilla has lead to the certificate being included as a trusted cert instead of an explicitly untrusted one. Note that there are no other associated files (eg: blacklist.txt) (in either the example given, or the file I am dealing with). Thanks in advance for any light you can shed on this subject. Sassan panahinejad
