In certain situations the server provided certificate chain may no longer be
authorMatt Caswell <matt@openssl.org>
Tue, 27 Jan 2015 10:03:29 +0000 (10:03 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 25 Feb 2015 09:14:13 +0000 (09:14 +0000)
commitda084a5ec6cebd67ae27f2463ebe4a50bb840fa5
treef160887ba1821261dff6e57b6225b135e3b20f79
parent5b8aa1a2af738f93b535798bfc07069aada264e1
In certain situations the server provided certificate chain may no longer be
valid. However the issuer of the leaf, or some intermediate cert is in fact
in the trust store.

When building a trust chain if the first attempt fails, then try to see if
alternate chains could be constructed that are trusted.

RT3637
RT3621

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
crypto/x509/x509_vfy.c