|
Questions for the SSL code gurus:
When using OpenSSL v.0.9.6 and calling
SSL_CTX_use_certificate_chain_file() and supplying a .PEM
file
containing the server cert and signing certs,
the signing
root certs
do not appear to be sent to the client when
using s_client -showcerts.
Is the chain file a
series of concatenated PEM files similar to a file
passed
to SSL_CTX_load_verify_locations()? Does one need to make additional
function call(s)? I am not getting an error return from the chain call.
I've read the help docs linked around
My file is sorted starting with the server cert and going up to the
root cert. I am not calling SSL_CTX_load_verify_locations()
within my server because I'm not expecting client certs and the help
docs do not indicate this is required.
Please help. Thank you!
|
- Re: cert chain issue Rob Neff
- Re: cert chain issue Lutz Jaenicke
