Thread: [axtls-general] x509_verify fails if Root Cert supplied during handshake does not contain Issuer CN
From: John P. <jpower@Selc.ie> - 2017-07-14 15:09:19
Hi,

I'm seeing this happening with an Amazon server. If I export the root cert from Firefox, the Issuer CN is specified (presumably fixed within the Firefox cert parser), but when I actually grab it with openssl, the Issuer CN is missing. In reality this field is a little trivial because in this case, the Subject and Issuer are the same.

There was a thread on this exact topic on Stack Overflow: https://stackoverflow.com/questions/10276018/x-509-are-all-parts-of-a-dn-optional

However, in axTLS, because the Issuer CN field is not present, the match_ca_cert check fails and the X509_VFY_ERROR_NO_TRUSTED_CERT error results.

Anyone seen this?

Thanks,
John
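Added example, not part of the original post and not axTLS source code: a simplified model of the failure reported above, next to a comparison that tolerates an absent CN without treating it as a wildcard. The `dn_t` type, both function names and all sample DN values are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical simplified DN: three attributes only, NULL = attribute absent. */
enum { DN_CN, DN_O, DN_OU, DN_NUM };
typedef struct { const char *attr[DN_NUM]; } dn_t;

/* Model of the reported failure: a DN without a CN can never match. */
int dn_match_requires_cn(const dn_t *a, const dn_t *b)
{
    if (a->attr[DN_CN] == NULL || b->attr[DN_CN] == NULL)
        return 0;
    for (int i = 0; i < DN_NUM; i++) {
        if (!a->attr[i] != !b->attr[i]) return 0;
        if (a->attr[i] && strcmp(a->attr[i], b->attr[i]) != 0) return 0;
    }
    return 1;
}

/* Tolerant comparison: an attribute may be absent, but only if it is absent
 * on BOTH sides. Absent is never a wildcard, and an empty DN matches nothing. */
int dn_match_optional(const dn_t *a, const dn_t *b)
{
    int present = 0;
    for (int i = 0; i < DN_NUM; i++) {
        const char *x = a->attr[i], *y = b->attr[i];
        if (!x && !y) continue;          /* absent in both: nothing to compare */
        if (!x || !y) return 0;          /* absent in one only: mismatch */
        if (strcmp(x, y) != 0) return 0; /* present in both but different */
        present++;
    }
    return present > 0;
}

/* Constructed sample DNs (not taken from any real certificate). */
static const dn_t root_no_cn   = {{ NULL, "Example Trust Org", "Example Class 2 CA" }};
static const dn_t root_with_cn = {{ "Example Root", "Example Trust Org", "Example Class 2 CA" }};
static const dn_t other_no_cn  = {{ NULL, "Other Org", "Example Class 2 CA" }};
static const dn_t empty_dn     = {{ NULL, NULL, NULL }};

int main(void)
{
    printf("requires CN: %d\n", dn_match_requires_cn(&root_no_cn, &root_no_cn));
    printf("optional CN: %d\n", dn_match_optional(&root_no_cn, &root_no_cn));
    return 0;
}
```

A name match of this kind only selects a candidate trust anchor; the signature check against that anchor's public key still has to pass.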