Hello,

One further question. Can you please confirm that the alternative
certificate chain feature is enabled by default? It seems to be implied in
all emails regarding this matter, and I'm assuming the Advisory email would
have mentioned it otherwise.

I've searched the OpenSSL code and seen that X509_V_FLAG_NO_ALT_CHAINS
exists but is not set in the "flags" member by default when a new X509
context is initialised. And my code does not modify the context to include
this flag.

Please let me know if I'm missing something.

(I'm using OpenSSL 1.0.1o)

Many thanks,
RCD


>
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to