> The Trust Manager certainly does basic signature and expiration
> validation.


Do you know if there is some sort of caching of this verification or if it
happens on every connection ?

> As far as certificate chains are concerned, there was a bug introduced
> moving from 5.1 to 6.0 where chains were not handled correctly. The
> relevant PMR was 11646,999,678 which describes the workaround.


Any chance that you could translate the PMR reference to a public PK or
comment on the workaround ?