Way back in May 2014, there was a patch by Matt Casswell to not incorrectly reject all certificate chains with IP address name constraints and actual IP address names (dd36fce023a64d90058b8fefbd95dadaca98f9ca). However for some unknown reason, this was not included in 1.0.2 which thus still rejects all such certificate chains. Why? Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
