#3916: Mutt 1.8: TOFU approach bails out on first fail or reject, not offering
higher links of the cert' chain
--------------------------+----------------------
Reporter: kratem32 | Owner: mutt-dev
Type: enhancement | Status: closed
Priority: minor | Milestone: 1.8
Component: crypto | Version:
Resolution: fixed | Keywords: tofu
--------------------------+----------------------
Comment (by gahr2):
It looks like it's not skipped, but the same certificate is shown twice:
{{{
18 [2017-03-08 13:32:18] Connecting to ptrcrt.ch...
19 [2017-03-08 13:32:18] ssl_load_certificates: loading trusted
certificates
20 [2017-03-08 13:32:18] ssl_socket_open: Error loading trusted
certificates
21 [2017-03-08 13:32:18] ssl_verify_callback: checking cert chain entry
/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 (preverify: 0
skipmode: 0)
22 [2017-03-08 13:32:18] X509_verify_cert: unable to get local issuer
certificate (20)
23 [2017-03-08 13:32:20] ssl interactive_check_cert: done=2
24 [2017-03-08 13:32:20] ssl_verify_callback: checking cert chain entry
/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 (preverify: 1
skipmode: 1)
25 [2017-03-08 13:32:20] X509_verify_cert: unable to get local issuer
certificate (20)
26 [2017-03-08 13:32:20] ssl interactive_check_cert: done=2
27 [2017-03-08 13:32:20] ssl_verify_callback: checking cert chain entry
/CN=gahr.ch (preverify: 1 skipmode: 1)
28 [2017-03-08 13:32:20] ssl_verify_callback: hostname check passed
29 [2017-03-08 13:32:20] X509_verify_cert: unable to get local issuer
certificate (20)
30 [2017-03-08 13:32:22] Certificate saved
}}}
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3916#comment:67>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
