Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-01 Thread Kyle Hamilton
Wireshark and other packet capture tools can help you determine exactly what's in the chain sent by the client. If the self-signed root isn't being sent, then the "self-signed certificate in certificate chain" error should never have been sent, and a bug report on that issue would be appropriate.

Re: [openssl-users] openssl 1.1.1 opaque structures

2018-12-01 Thread Richard Levitte
Did you ever get an answer to that?

There is a call BN_num_bytes(), so the fix should be this:

    *var = rc_vmalloc(BN_num_bytes(bn));
    (*var)->l = BN_bn2bin(bn, (unsigned char *)(*var)->v);

Cheers,
Richard ( you should probably study include/openssl/bn.h in depth )

In message on Mon, 26

Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-01 Thread Charles Mills
> It was found in the chain of certificates sent by the client to the
> server for validation

Again, I could be wrong but that is my point. I do not think the client is sending a chain of certificates, but rather only one, the CA-signed client certificate. (I wrote and configured the client, and g

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-01 Thread Viktor Dukhovni
On Sat, Dec 01, 2018 at 07:12:24PM +, Michael Wojcik wrote:
> > Are there compatibility concerns around changing error message
> > text for which users may have created regex patterns in scripts?
> >
> > I agree the text could be better, but not sure in what releases
> > if any to change the t

Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-01 Thread Viktor Dukhovni
On Sat, Dec 01, 2018 at 12:29:42PM -0800, Charles Mills wrote:
> I could easily be wrong -- you guys know more about certificates than I ever
> will -- but I do not *think* there is any self-signed certificate in this
> scenario. There should be exactly two certificates in this discussion:
>
> 1.

Re: [openssl-users] Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-01 Thread Charles Mills
I could easily be wrong -- you guys know more about certificates than I ever will -- but I do not *think* there is any self-signed certificate in this scenario. There should be exactly two certificates in this discussion:

1. The client certificate. It is not self-signed (in the correct sense of th

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-01 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Viktor Dukhovni
> Sent: Friday, November 30, 2018 18:38
>
> Are there compatibility concerns around changing error message
> text for which users may have created regex patterns in scripts?
>
> I agree the text could be