> On Jan 8, 2018, at 5:46 PM, Misaki Miyashita <misaki.miyash...@oracle.com>
> wrote:
>
> I would like to suggest the following fix so that a valid certificate at
> <hash>.x can be recognized during the cert validation even when <hash>.0 is
> linking to a bad/expired certificate. This may not be the most elegant
> solution, but it is a minimal change with low impact to the rest of the code.
The patch looks wrong to me. It seems to have a memory leak.
It is also not clear that with CApath all the certificates will
already be loaded, so the iterator may not find the desired
matching element.
> Could I possibly get a review on the change? and possibly be considered to be
> integrated to the upstream?
> (This is for the 1.0.1 branch)
The 1.0.1 branch is no longer supported.
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
