Gary E. Miller via devel writes: >> If you can't get the root cert, you cannot validate anything that has >> this root as the trust anchor. > > And yet, yesterday I was able to use git head to validate using just > a Let's Encrypt chain file. So, yes, you need a root file to validate > against a root file, but you can validate against intermediate files > too. This is a good thing.
_You_ moved the root up by declaring the intermediate to be the new root. Which (as was said multiple times before) just means that once you've found a cert that has ultimate trust no further checks will be performed, even when there are independent cert chains that would lead to other trust anchors. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Factory and User Sound Singles for Waldorf rackAttack: http://Synth.Stromeko.net/Downloads.html#WaldorfSounds _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
