>How deep does the certificate chain have to be?

It does not matter.

>If I have 2 self-signed CA certificates, and a non-CA certificate is received for verification, will this hit the problem?
>Also, is it a condition of the bug that both CA certificates have to have the same subject names and keys, as suggested in the file?

I think you are confused. The bug is not about CA's. It's about a non-CA fooling the runtime into treating it as if it were a CA and being able to issue a certificate.
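The flaw described in the reply above, as an added example that is not part of the original message or of any affected runtime's code: a toy chain validator with and without the check that every issuer is a CA. It assumes CA status is carried by the X.509 basicConstraints CA flag (modelled as `is_ca`); the `Cert` type, the HMAC stand-in for signatures, and all names and keys are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Toy certificate; HMAC stands in for a real public-key signature."""
    subject: str
    issuer: str
    is_ca: bool          # models basicConstraints CA:TRUE / CA:FALSE
    key: bytes           # subject's key (constructed sample value)
    sig: bytes = b""

    def tbs(self) -> bytes:
        # The fields covered by the issuer's signature.
        return f"{self.subject}|{self.issuer}|{self.is_ca}".encode() + self.key

def issue(subject, is_ca, key, signer=None):
    """Create a certificate signed by `signer`, or self-signed if None."""
    issuer_name = signer.subject if signer else subject
    issuer_key = signer.key if signer else key
    unsigned = Cert(subject, issuer_name, is_ca, key)
    sig = hmac.new(issuer_key, unsigned.tbs(), hashlib.sha256).digest()
    return Cert(subject, issuer_name, is_ca, key, sig)

def signed_by(cert, issuer):
    """Name chaining plus signature check, which is all the flawed path does."""
    expected = hmac.new(issuer.key, cert.tbs(), hashlib.sha256).digest()
    return cert.issuer == issuer.subject and hmac.compare_digest(cert.sig, expected)

def verify_chain(chain, trusted, require_ca=True):
    """chain[0] is the end entity; each later entry issued the one before it.
    require_ca=False reproduces the flaw: issuers are never checked for CA status."""
    for cert, issuer in zip(chain, chain[1:]):
        if not signed_by(cert, issuer):
            return False
        if require_ca and not issuer.is_ca:
            return False  # a non-CA certificate may not issue certificates
    return chain[-1] in trusted

# Constructed sample chain: root CA -> ordinary leaf -> certificate issued by that leaf
ROOT = issue("Example Root CA", True, b"root-key")
LEAF = issue("leaf.example", False, b"leaf-key", ROOT)
FORGED = issue("victim.example", False, b"other-key", LEAF)
```

The result does not depend on chain depth or on how many roots are trusted: the chain fails only because an intermediate issuer lacks the CA flag.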