SSL_CTX_load_verify_locations only with CAPath

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> I thought, as the doc has (always? long?) said, that CApath must have each
> cert (or CRL) in a separate file. But on checking I see that by_dir.c actually calls
> X509_load_{cert,crl}_file from by_file.c, which for PEM loads all certs (or crls)
> in a file to the working context. Thus a hashlink to only the 3rd cert in a file,
> where that 3rd cert is the only one you need, actually works even though not
> documented and I'm not sure intended.

That's definitely sub-optimal.  Can you open a ticket for this?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux