[EMAIL PROTECTED] wrote:
>
> Marc Jadoul wrote:
> >
> > Hi,
> >
> > >From RFC2246 (TLS V1.0)
> >
> > certificate_list
> > This is a sequence (chain) of X.509v3 certificates. The sender's
> > certificate must come first in the list. Each following
> > certificate must directly certify the one preceding it. Because
> > certificate validation requires that root keys be distributed
> > independently, the self-signed certificate which specifies the
> > root certificate authority may optionally be omitted from the
> > chain, under the assumption that the remote end must already
> > possess it in order to validate it in any case.
> >
> > In mod_ssl there is a chain for client auhentication
> > (SSLCACertificatePath,
> > SSLCACertificateFile ), but i do not see where to configure the chain
> > for the server certificate.
> >
> > Is there somewhere a possibility to configure this chain to send with
> > the server certificate ?
> >
>
> Isn't it the SSLCACertificatePath ??
>
> See ya,
>
Yes ... and No.
This problem has been resolved on the mod-ssl mailing list. Please read
it.
There is an open issue: This chain is also send to the client as
containing the trusted roots for client authentication.
Marc.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
