The SSL specification indicates that the ServerCertificate message should
contain:
certificate_list: This is a sequence (chain) of X.509.v3
certificates, ordered with the sender's certificate first followed
by any certificate authority certificates proceeding sequentially
Erik,
Thanks for the pointer. It's very helpful.
HOWEVER, I can give you dozens of different sites that do it wrong, yet
they all work in the browsers. Clearly that particular part of the spec is
no longer relevant, and openssl should be updated. It's not a complicated
fix, after all.
What's
On Tue, Feb 14, 2012 at 3:22 PM, Timothy Kay tim...@not.com wrote:
Thanks for the pointer. It's very helpful.
HOWEVER, I can give you dozens of different sites that do it wrong, yet they
all work in the browsers. Clearly that particular part of the spec is no
longer relevant, and openssl
On Tue, Feb 14, 2012, Timothy Kay wrote:
Erik,
Thanks for the pointer. It's very helpful.
HOWEVER, I can give you dozens of different sites that do it wrong, yet
they all work in the browsers. Clearly that particular part of the spec is
no longer relevant, and openssl should be updated.
On Tue, Feb 14, 2012, Timothy Kay wrote:
We have been baffled for a long time that curl cannot access websites that
work just fine in the browser (unless we use --insecure, of course). The
curl documentation points you to http://curl.haxx.se/docs/sslcerts.html,
which explains that your server