در تاریخ سهشنبه ۲۴ مارس ۲۰۲۰، ۵:۲۰ Viktor Dukhovni < openssl-us...@dukhovni.org> نوشت:
> On Mon, Mar 23, 2020 at 05:27:55PM -0700, Benjamin Kaduk via openssl-users > wrote: > > > > I *think* possibly also the precise nature of that client cert > > > matters; a testcase I set up away from my production > > > system failed to induce the error. The client cert > > > is loaded using SSL_CTX_use_certificate_chain_file(); > > > the file contains a private-key and a 3-element chain > > > with a Lets Encrypt cert (leaf, signer, CA-root). > > > The CA is sha1/rsa, the other two are sha256/rsa. > > > > Try omitting the (sha1) CA from the file? > > That's not plausibly related to a failure to construct > the list of CA distinguished names. The signatures > are not looked at by the function reporting the error. > > -- > Viktor. >