Comments for SSL_get_peer_cert_chain inconsistency.
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 90806e2..e23ca20 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c
@@ -1698,6 +1698,8 @@ if (s->session->sess_cert->cert_chain != NULL) sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); s->session->sess_cert->cert_chain=sk; + /* Inconsistency alert: cert_chain does *not* include the + * peer's own certificate, while we do include it in s3_clnt.c */ sk=NULL;