[Pkg-openssl-devel] Bug#829272: Missing accessors

msalle@nikhef.nl via RT rt at openssl.org
Mon Jul 25 15:51:47 UTC 2016


On Mon, Jul 25, 2016 at 01:44:18PM +0000, Salz, Rich via RT wrote:
> I am not sure what to suggest.  This conversation is bouncing across
> two ticket systems and is all about a legacy certificate format that
> is, what, outdated since 2002?
> I am hard-pressed to see why OpenSSL 1.1 has to do anything other than
> what Richard proposed.

The two ticket systems are indeed annoying and I don't know what to do
about that (I did not start this thread) other than removing one of
them.

The point is that if OpenSSL is providing a verification callback which
can be used to provide a custom verification of the cert chain, then it
should provide the necessary handles and the thing still missing from
what Richard proposed is a way to point to the failing certificate in
the chain. We can set the error, but not at which depth in the chain the
error occurred.
This in itself is not limited to our use-case but is a general API
request.

    Mischa




> 
> -- 
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602
> Please log in as guest with password guest if prompted
> 

-- 
Nikhef                      Room  H155
Science Park 105            Tel.  +31-20-592 5102
1098 XG Amsterdam           Fax   +31-20-592 5155
The Netherlands             Email msalle at nikhef.nl
  __ .. ... _._. .... ._  ... ._ ._.. ._.. .._..


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602
Please log in as guest with password guest if prompted
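
The point made in the message above, as a simplified model added here for illustration (not OpenSSL code and not code from this thread): a custom check run from the verification callback finds the offending certificate at a depth other than the one being visited, so a callback that can only set the error leaves the caller blaming the wrong certificate. All names (`verify_ctx`, `policy_cb`, `can_set_depth`, `verify_and_blame`) and the sample chain are hypothetical.

```c
#include <stddef.h>

/* Simplified model of a verify callback; NOT OpenSSL code, all names hypothetical. */
enum { V_OK = 0, V_ERR_CUSTOM_POLICY = 1 };
struct cert { const char *subject; int policy_ok; };
struct verify_ctx {
    const struct cert *chain; /* chain[0] = leaf, chain[n-1] = root */
    int n;
    int error;
    int error_depth;          /* depth being visited, or depth of the failure */
    int can_set_depth;        /* models whether a depth setter is available */
};

/* Constructed sample chain: the intermediate violates the custom policy. */
static const struct cert sample_chain[] = {
    { "CN=leaf", 1 }, { "CN=intermediate", 0 }, { "CN=root", 1 },
};

/* Custom check: runs once, when the verifier reaches the leaf, and inspects
 * the whole chain, so the failing certificate can sit at any depth. */
int policy_cb(int ok, struct verify_ctx *ctx)
{
    if (!ok || ctx->error_depth != 0) return ok; /* keep earlier results */
    for (int d = ctx->n - 1; d >= 0; d--) {
        if (ctx->chain[d].policy_ok) continue;
        ctx->error = V_ERR_CUSTOM_POLICY;
        if (ctx->can_set_depth) ctx->error_depth = d; /* point at the culprit */
        return 0;
    }
    return 1;
}

/* Walk root to leaf, calling the callback at each depth; on rejection return
 * the subject the caller would report, or NULL if the chain is accepted. */
const char *verify_and_blame(int can_set_depth)
{
    struct verify_ctx ctx = { sample_chain, 3, V_OK, 0, can_set_depth };
    for (int d = ctx.n - 1; d >= 0; d--) {
        ctx.error_depth = d;
        if (!policy_cb(1, &ctx))
            return ctx.chain[ctx.error_depth].subject;
    }
    return NULL;
}
```

With `can_set_depth` set to 0 the rejection is attributed to the leaf, although the intermediate is the certificate that failed the check.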