On Mon, Sep 12, 2016 at 11:40:08PM -0700, Philip Guenther wrote: > Hmm. What wording of the documentation suggested that multiple > certificates should or *could* be place in that file? The manpage
Oops, I had incorrectly assumed that's how intermediates were provided a la nginx > It doesn't say how it behaves if there are multiple certificates in > the file, so why do you think the current behavior is wrong? More > precisely, since it *doesn't* say *which* cert in the file it would > use when there are multiple, it may use any of them. If the one it > chose didn't match the key that you provided the yeah, it'll fail. > So, as the old joke goes, "don't do that!" Now knowing intermediate cert prepending isn't supported, I don't think the current behavior is wrong. > Having looked at the source, I *think* I know which it'll use as the > server cert, and what it'll do with other certs in file, but > a) I haven't tested it and > b) more importantly, reyk@ hasn't documented a behavior and thereby > decided it's supported, in some sense. I'll try and see if I can implement it, I don't believe it's too complicated. Maybe adding an 'intermediate-cert <path>' option in httpd.conf Ian
