On Wed, Mar 11, 2020 at 11:31:51AM -0400, Viktor Dukhovni wrote: > I think the server could be OpenSSL, because why I made sure that
s/why/while/.
> self-signed CA signatures are not subjected to security levels in
> x509_vfy.c, the same exclusion does not appear to be present in:
>
> int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee)
> [...]
--
Viktor.
