projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3661bb4) | patch
In certain situations the server provided certificate chain may no longer be
authorMatt Caswell <matt@openssl.org>
Tue, 27 Jan 2015 10:03:29 +0000 (10:03 +0000)
committerMatt Caswell <matt@openssl.org>
Mon, 20 Apr 2015 12:42:17 +0000 (13:42 +0100)
commit6281abc79623419eae6a64768c478272d5d3a426
treefd1b70aa12779943a8e5cfb3f7251f937598c916tree | snapshot
parent3661bb4e7934668bd99ca777ea8b30eedfafa871commit | diff
In certain situations the server provided certificate chain may no longer be
valid. However the issuer of the leaf, or some intermediate cert is in fact
in the trust store.

When building a trust chain if the first attempt fails, then try to see if
alternate chains could be constructed that are trusted.

RT3637
RT3621

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/x509/x509_vfy.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.