> From: openssl-users On Behalf Of Jakob
> Bohm via openssl-users
> Sent: Tuesday, 1 June, 2021 09:58
>
> There is a very common extension to the validation of X.509
> certificates (which should ideally be available as an option
> parameter to OpenSSL validation APIs): The EKU in a CA:True
> certi
On 2021-05-28 22:50, Michael Wojcik wrote:
Just realized I sent this directly to Graham instead of to the list.
-Original Message-
From: Michael Wojcik
Sent: Friday, 28 May, 2021 09:37
To: 'Graham Leggett'
Subject: RE: X509_verify_cert() rejects all trusted certs wit
On Fri, May 28, 2021 at 01:30:14PM +0200, Graham Leggett via openssl-users
wrote:
> While running code that calls X509_verify_cert(), the trusted root
> certificates (“BEGIN TRUSTED CERTIFICATE”) loaded into the
> verification are failing verification with “certificate rejected”:
Typically, cert
Just realized I sent this directly to Graham instead of to the list.
-Original Message-
From: Michael Wojcik
Sent: Friday, 28 May, 2021 09:37
To: 'Graham Leggett'
Subject: RE: X509_verify_cert() rejects all trusted certs with "default"
X509_VERIFY_PARAM
> From: o
Hello,
is this a regression when comparing with OpenSSL-1.1.1?
If so, it might be a good idea to report this as an issue to the
project in GitHub.
Tomas
On Fri, 2021-05-28 at 13:30 +0200, Graham Leggett via openssl-users
wrote:
> Hi all,
>
> While running code that calls X509_verify_cert(), th
Hi all,
While running code that calls X509_verify_cert(), the trusted root certificates
(“BEGIN TRUSTED CERTIFICATE”) loaded into the verification are failing
verification with “certificate rejected”:
2: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE: verify failed:
certificate rejec