Hi, when I verify an X509 cert against a CA certificate, I found that the
cert can pass validation even if it has two instances of X509v3 Basic
Constraints, X509v3 Subject Key IDs, and authority key IDs. It seems that some
issues are not important in verification. (I guess one reason is that one
subject key ID is the same as the authority key ID, and thus openssl may
regard it as a self-signed certificate?) Should this be forbidden?
Command: openssl verify -x509_strict -verbose -CAfile myroot.pem mycert.pem

Attachment: myroot.pem
Description: application/x509-ca-cert


Attachment: myfile.pem
Description: application/x509-ca-cert
