On Wed, Mar 11, 2020 at 11:31:51AM -0400, Viktor Dukhovni wrote: > I think the server could be OpenSSL, because why I made sure that
s/why/while/. > self-signed CA signatures are not subjected to security levels in > x509_vfy.c, the same exclusion does not appear to be present in: > > int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee) > [...] -- Viktor.