On 2019/10/04 10:00, Stuart Henderson wrote: > I wonder if a process without network pledge could be trying to fetch a > missing intermediary cert from the address in the "CA Issuers" field in > the cert. Might get some more information if you show the connection > and cert from "openssl s_client -connect localhost:44444"..
Ah, Solene pointed out that she already included this in the first mail. There's no CAI in the certificate which invalidates my "fetching missing intermediary" theory.