Reported bug fixed. No further responses assuming resolved.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project
> [nick.le...@usa.g4s.com - Mon Sep 12 10:31:50 2011]:
>
> Thank you for looking at the patch and reporting the problem
>with it. I apologise that I did not test it properly. The path loop
>test in the patch should of course be first whether the issuer is
>in the chain and only if it i
>With update version i confirm that regression test of a software now
>pass with OpenSSL HEAD version.
>
>I still have problem with HEAD regarding check if is for self signed.
>This case is not in openssl regression tests ans cannot be reproduced
>with openssl command line. Case is when callba
Nick Lewis via RT wrote:
> Roumen
>
> Thank you for looking at the patch
[SNIP]
> + if (issuer_num&& (issuer_num< x_num))
>
> Please find a corrected version below
>
> Best Regards
> Nick
>
[SNIP]
With update version i confirm that regression test of a software now
pass with Op
Nick Lewis via RT wrote:
Roumen
Thank you for looking at the patch
[SNIP]
+ if (issuer_num&& (issuer_num< x_num))
Please find a corrected version below
Best Regards
Nick
[SNIP]
With update version i confirm that regression test of a software now
pass with OpenSSL HEAD v
Roumen
Thank you for looking at the patch and reporting the problem with it. I
apologise that I did not test it properly. The path loop test in the patch
should of course be first whether the issuer is in the chain and only if it is
then whether it is lower than the cert x i.e.
+
Nick Lewis via RT wrote:
> The path loop detection in crypto/x509/x509_vfy.c:check_issued() does not
> work correctly for some combinations of ctx->chain, x and issuer. For example
> when the cert x is in the chain at a location other than the top, a path loop
> is incorrectly declared. Also if
Nick Lewis via RT wrote:
The path loop detection in crypto/x509/x509_vfy.c:check_issued() does not work
correctly for some combinations of ctx->chain, x and issuer. For example when
the cert x is in the chain at a location other than the top, a path loop is
incorrectly declared. Also if the ce
The path loop detection in crypto/x509/x509_vfy.c:check_issued() does not work
correctly for some combinations of ctx->chain, x and issuer. For example when
the cert x is in the chain at a location other than the top, a path loop is
incorrectly declared. Also if the cert x is at the top of the c