29.01.2015, 20:18, "Dr. Stephen Henson" :
> On Tue, Jan 27, 2015, Serj wrote:
>> Ok. But is there any documentation how to set intermediate certificates for
>> my SSL connections? Maybe I want to support these broken sites...
>
> You can add intermediate certificates to the trusted store: they'l
On Tue, Jan 27, 2015, Serj wrote:
>
> Ok. But is there any documentation how to set intermediate certificates for
> my SSL connections? Maybe I want to support these broken sites...
>
You can add intermediate certificates to the trusted store: they'll then be
used when it can no longer find s
> As I heard, OpenSSL 1.0.2 will do some improvement for
> AuthorityInfoAccess, Am I right? Thanks!
As in automatically fetch things? No.
--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz
___
openssl-users mail
As I heard, OpenSSL 1.0.2 will do some improvement for
AuthorityInfoAccess, Am I right? Thanks!
On Wed, Jan 28, 2015 at 3:49 PM, Dave Thompson wrote:
>> From: openssl-users On Behalf Of Kurt Roeckx
>> Sent: Tuesday, January 27, 2015 17:14
>
>> On Tue, Jan 27, 2015 at 11:42:51PM +0300, Serj wrote:
> From: openssl-users On Behalf Of Kurt Roeckx
> Sent: Tuesday, January 27, 2015 17:14
> On Tue, Jan 27, 2015 at 11:42:51PM +0300, Serj wrote:
> What browsers do is cache the intermediate certificates.
That's one possibility. Another is that it uses AuthorityInfoAccess
to fetch the cert autom
> Browsers have too many work arounds for broken sites which results in
> those sites not actually getting fixed.
Because if the site doesn't work, the user will blame the browser and switch. :(
___
openssl-users mailing list
To unsubscribe: https://mta.
On Tue, Jan 27, 2015 at 11:42:51PM +0300, Serj wrote:
>
> > It is unfortunate that browsers "lend a helping hand" to such sites.
> So, you want to say that browsers trust connections that don't provide
> intermediate certs during SSL handhake?
> As I know most browsers have also intermediate cert
27.01.2015, 23:15, "Viktor Dukhovni" :
> Indeed some websites are misconfigured.
> But www.verisign.com is not among them:
> This is not needed for properly configured servers, such as
> www.verisign.com.
Ok. Seems to be I don't set the last root for www.verisign.com in my trusted
root certs and
On Tue, Jan 27, 2015 at 10:21:01PM +0300, Serj wrote:
> Some web-sites don't send all intermediate certs during "SSL Handshake".
Indeed some websites are misconfigured.
> For example, www.verisign.com sends only server's cert but doesn't send next
> intermediate cert:
But www.verisign.com is n
