-
Notifications
You must be signed in to change notification settings - Fork 421
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Does order matter when verifying an X.509 store? #1237
Comments
I fear my answer will be unsatisfying: this simply does whatever OpenSSL does :-/ |
I see, any tips on where I should look to figure this out? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I noticed that changing the order of the two intermediate CAs (when one is irrelevant) results in a different verification result:
I was under the impression that the order that certs are added to an X.509 store did not matter. I also didn't seem to find anything in the OpenSSL documentation about this. Can anyone clarify?
Example (source): https://gist.github.com/kaedenbrinkman/c5f2b7d05034999cd55821a4f3403720
The text was updated successfully, but these errors were encountered: