On 18 December 2014 at 02:08, Jerry OELoo <oyljerry at gmail.com> wrote: > > Hi Rich: > But why browser Chrome can show all certificate path? How did it do? > Thanks! > > Browsers fix up mistakes like this in various ways - Firefox caches intermediates and attempts to fix things by using them if the chain is missing. IE tries fetching them from windows update (indeed it does this for rarely used root certificates too), it is also possible to fetch the intermediates by downloading them from the location indicated in the AIA extension if present in the leaf certificate. I'm not quite sure which mechanism (or combination of mechanisms) is being used in the current version of Chrome but it's like a variant on one of these, Cheers Rich. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141218/a0d9c398/attachment.html>
