Hi All: I have used openssl 1.0.1j to construct certificate chain from https web site. Now I can construct certificate chain correctly for facebook, twitter.
When I construct google's (www.google.com) certificate chain, it is different with browser's [openssl API] www.google.com -> Google Internet Authority G2 -> GeoTrust Global CA -> Equifax Secure Certificate Authority [IE/Chrome] www.google.com -> Google Internet Authority G2 -> GeoTrust Global CA And from this link, http://security.stackexchange.com/questions/53231/google-certificates-correct-ca It seems openssl use one certificate path with "bridge cert" but browsers use another certificate path, and in answer, it said "OpenSSL, which curl uses, is not, or at least not yet; thus you must tell curl to give OpenSSL the Equifax root. (The OpenSSL 1.0.2 release, currently in beta, is announced to have enhancements in the area of cert chain validation, which I haven't looked at in detail yet.", So is there any way that openssl 1.0.1j can solve this and construct same certificate path with browsers did? Thanks in advance! -- Rejoice,I Desire! ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
