Re: Certificate Verify and non-root Trust Anchors

> On Dec 11, 2017, at 6:03 PM, Dr. Pala <madwolf@xxxxxxxxxx> wrote:
> 
> thanks :D I just tried to set it and I get a different error now : 22 (certificate chain too long)... I suspect it is a side effect of using the X509_V_FLAG_PARTIAL_CHAIN flag... ? (no chain restrictions are set in the certificates themselves...), but I have not dug into the vfy code yet...

Perhaps you ended up creating a parameter structure with a
depth limit that's too small.  Just configuring partial
chains will never yield a chain that is longer than it
otherwise would be.  In fact you generally get shorter
chains.  So, no, this is not a result of using the
new flag, but may be a result of how you're going about
setting the flag.

> ... any suggestion on how to fix this ? Do you think it is actually a bug ? ... or am I missing some other configs / setting I should have done for the verify param ?

You should obtain a reference to the existing parameters
from the context, and modify these to add the new flag.

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users