On Fri, Feb 10, 2006, Tim Bond via RT wrote:

> I am doing some interop testing with a toolkit that performs PKIX
> certificate verification and it is having a problem validating a chain I
> built with OpenSSL. What appears to be happening is that when 'ca' copies
> in the authority key information into the client certificate, it is pulling
> in the CA subject from my root CA instead of my intermediate CA (marked
> *wrong* below).
> If you look at the following chain (leaf->intermediate->root CA), you will
> notice the subject key/authority keys are correct. The authority serial
> numbers are correct. But, the leaf certificate has the rootCA's subject DN.
> It should be the intermediate CA's subject DN.

This question has been asked quite a few times before. OpenSSLs behaviour is
correct. I suggest you check the archives for detailed reasons.

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org