On Fri, Mar 11, 2016 at 12:56:04AM +0100, Jakob Bohm wrote: > Your reply below is a perfect illustration of the expected confusion. Sorry, I disagree. The 1.1.0 changes fix various shortcomings that may well also be addressed in a future 1.0.2 update. The net effect is more consistent behaviour that is the same whether intermediate certificates are found in the trust-store or obtained from the peer. The few applications that enable partial chain support and the likely zero users who've created "decorated" intermediate certs in the OpenSSL trust store might notice some change. If you strongly feel that the behaviour should be the same for all users, that sounds like support for backporting the changes, which is something I will be proposing soon. -- Viktor.
