Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
add_cert_to_certinfo should reverse the order of the certificates for SChannel #4518
I did this
Context : we have a unit test that is using libCurl built with OpenSSL. We recently changed the SSL backend to WinSSL (SChannel), and one of our unit tests broke. The following is what the unit test is essentially doing, and what is wrong.
Notice here that the method only looks at index 0 in the array, that is the first certificate.
I expected the following
I expected that the order of the certificates would be the same when changing the backend. I suggest using the OpenSSL order, i.e. the peer certificate first as it is detailed in an RFC and this order has been in the code base for longer than SChannel.
File : lib/vtls/schannel.c
[curl -V output]
Windows 10, version 1903.