On 2017-11-02 at 18:00 +0000, Viktor Dukhovni wrote: > IIRC, the last chain file loaded was used to provide the issuer > certificates for all the public key types. The work-around is to > make sure that all the issuer certificates needed by *any* leaf > cert are present in *each* chain file.
Presumably this is covered under the OpenSSL CHANGES file item in the list under "Changes between 1.0.1l and 1.0.2 [22 Jan 2015]": } *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file(): } this fixes a limiation in previous versions of OpenSSL. } [Steve Henson] -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##