22 at 02:11:38PM +0000, Andrew Lynch via openssl-users wrote:
...
>
> I’ve also asked my colleagues why the download is http instead of
> https…
You should look to multiple independent sources to validate the authenticity of
a trust anchor public key. Trusting "https" to prove
-users Im Auftrag von Andrew
Lynch via openssl-users
Gesendet: Freitag, 16. September 2022 15:53
An: Corey Bonnell ; openssl-users@openssl.org
Betreff: AW: [EXTERNAL] Stricter pathlen checks in OpenSSL 1.1.1 compared to
1.0.2?.
Hi Corey,
I believe Victor has explained the issue sufficiently
ul in better diagnosing the issue.
Thanks,
Corey
From: openssl-users mailto:openssl-users-boun...@openssl.org> > On Behalf Of Andrew Lynch via
openssl-users
Sent: Friday, September 16, 2022 4:32 AM
To: openssl-users@openssl.org <mailto:openssl-users@openssl.org>
Subject: AW: [EXTERNAL]
he only ones that matter are the
values set in C and D, and these values are coherent with both chains.
On Thu, Sep 15, 2022 at 7:34 PM Andrew Lynch via openssl-users
mailto:openssl-users@openssl.org>> wrote:
Hi,
I would like to have my understanding of the following issue confirmed:
Hi,
I would like to have my understanding of the following issue confirmed:
Given a two-level CA where the different generations of Root cross-sign each
other, the verification of an end-entity certificate fails with OpenSSL 1.1.1 -
"path length constraint exceeded". With OpenSSL 1.0.2 the sam
