Re: [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



    > "Provided chain ends with unknown self-signed certificate".

I like this. 

IMHO "unrecognized" would be more confusing.

I hope the team makes up their mind quickly.

On 12/4/18, 6:17 PM, "openssl-users on behalf of Michael Wojcik" <openssl-users-bounces@xxxxxxxxxxx on behalf of Michael.Wojcik@xxxxxxxxxxxxxx> wrote:

    > From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf
    > Of Jakob Bohm via openssl-users
    > Sent: Tuesday, December 04, 2018 08:15
    > > Care to create a PR against the "master" branch?  Something
    > > along the lines of:
    > >
    > >      "Provided chain ends with untrusted self-signed certificate"
    > >
    > > or better.  Here "untrusted" might mean not trusted for the requested
    > > purpose, but more precise is not always more clear.
    > >
    > Perhaps s/untrusted/unknown/ as in
    >
    > "Provided chain ends with unknown self-signed certificate".
    
    Yes, that might be better. Or maybe "unrecognized". Of course there's scope for someone to misinterpret regardless of which term is used. I can suggest various alternatives in the PR and let the team decide.
    
    > Or even better, two different error codes:
    >
    >   - "Only self-signed end certificate provided"
    >
    >   - "Provided chain ends with unknown root certificate"
    >
    > (Deciding which one keeps the old error code is left as
    >   an exercise).
    
    I can raise that as a possibility too, in the PR. Obviously it's a bit more work than simply changing the existing text.
    
    --
    Michael Wojcik
    Distinguished Engineer, Micro Focus
    
    
    
    -- 
    openssl-users mailing list
    To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
    

Attachment: smime.p7s
Description: S/MIME cryptographic signature

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux