cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] openssl: allow partial trust chains

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 14 Dec 2015 15:50:25 +0100 (CET)

On Wed, 25 Nov 2015, Reiner Herrmann wrote:

> By default OpenSSL only accepts connections if the full chain to the root
> can be verified. If only an intermediate CA in the chain is trusted, setting
> this flag also allows the connection when the root CA is not trusted. This
> is also the default behavior for e.g. GnuTLS.

Hi again, let's bring this patch back to life.

What would you say about adding a bit to the CURLOPT_SSL_OPTIONS option to
allow an application to optionally switch off "partial trust chains" ?

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2015-12-14

This message: [ Message body ]
Next message: Tim Ruehsen: "Re: [PATCH] openssl: allow partial trust chains"
Previous message: Daniel Stenberg: "RE: HTTPS proxy support coming with your help!"
Maybe in reply to: Tim Ruehsen: "Re: [PATCH] openssl: allow partial trust chains"
Next in thread: Tim Ruehsen: "Re: [PATCH] openssl: allow partial trust chains"
Reply: Tim Ruehsen: "Re: [PATCH] openssl: allow partial trust chains"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]