22 Oct
2009
22 Oct
'09
2:40 p.m.
Hi Paul,
This one introduces some failures on some boxes. Are they indeed missing the needed Verisign root certificate as stated in the logs?
No, that warning is spurious in this case. Austin and I introduced competing patches for this one, where my warning was intended to warn only in the case that no root certificates were found, hence would not produce spurious warnings. His was simpler and beat mine.
Could it just be a fact of an older crypt32 that doesn't deal (properly) with CERT_TRUST_IS_NOT_VALID_FOR_USAGE?
Yes. I was hoping to mark these with broken, but I missed it on some chains. Does the attached patch help? --Juan