> If this works in 1.0.1 but not 0.9.8 I'm guessing its the name constraints > extension that is the problem which isn't supported in OpenSSL 0.9.8. > One of the intermediate certs does have a name constraint...
> Does the production site have any directories of trusted certificates or are > they all in a single file. I ask because the link algorithm changed in OpenSSL > 1.0.0 and later and is incompatible with the 0.9.8 version. > The production site is structured the same way as the development site with all of the certs in one file starting with the Common Policy cert. > Note that you can't just update the DLLs for a new major version of OpenSSL: > the applications will need to be recompiled too. > > You could try updating to OpenSSL 1.0.0i instead as the 1.0.1 series of > OpenSSL is very new and there are several reported interop problems. I don't have the means to compile my own Apache/OpenSSL combination. I have been going to apachelounge.com and/or slproweb.com to get my binaries. Can I get the Apache 2.2.22/OpenSSL 1.0.1a from ApacheLounge and replace the dlls with the OpenSSL 1.0.0i available on slproweb.com? Thank you for your help. Curtis ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
