On Thu, Sep 05, 2002, Lutz Jaenicke via RT wrote: > > On Thu, Sep 05, 2002 at 09:36:09AM +0200, Tom Wu via RT wrote: > > > > I noticed that that the functions SSL_CTX_use_certificate_file and > > SSL_CTX_use_certificate_chain_file are available for use with an SSL_CTX > > *, yet there is no "chain" version available to set with an SSL *, only > > SSL_use_certificate_file and friends. Any particular reason for this? > > Its a problem with the current API. It did not take this situation > into account. It e.g. makes client side callbacks useless, which > would need to set a complete certificate chain to satisfy a server's > request. >
Doesn't OpenSSL do a kind of cheap and nasty certificate verify to build up the chain, or am I thinking of something else? If it does that would be a possible work around but I agree that the API should be extended. Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
