summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ui/ui_util.c
diff options
context:
space:
mode:
authorjsing <>2021-01-05 17:14:46 +0000
committerjsing <>2021-01-05 17:14:46 +0000
commit8e8301ad47bf0a141d94094f633bb082f23966a0 (patch)
tree14ec37dc6236f10143f0da4e09ebccf7dfea8cfb /src/lib/libcrypto/ui/ui_util.c
parent6c7a19527207c9facce4fe2c51bab20e5ccf1ceb (diff)
downloadopenbsd-8e8301ad47bf0a141d94094f633bb082f23966a0.tar.gz
openbsd-8e8301ad47bf0a141d94094f633bb082f23966a0.tar.bz2
openbsd-8e8301ad47bf0a141d94094f633bb082f23966a0.zip
Use legacy verifier when building auto chains.
The new verifier builds all chains, starting with the shortest possible path. It also does not currently return partial chains. Both of these things conflict with auto chain, where we want to build the longest possible chain (to include all intermediates, and probably the root unnecessarily), as well as using an incomplete chain when a trusted chain is not known. Depending on software configuration, we can end up building a chain consisting only of a leaf certificate, rather than a longer chain. This results in auto chain not including intermediates, which is undesireable. For now, switch auto chain building to use the legacy verifier. This should resolve the issues encountered by ajacoutot@ with sendmail. ok tb@
Diffstat (limited to 'src/lib/libcrypto/ui/ui_util.c')
0 files changed, 0 insertions, 0 deletions