If a CA uses intermediary certs that are not distributed in all truststores such as quovadis with mozilla's trust store. Servers do not only transmit leaf certificates, but also intermediary ones.
http://httpd.apache.org/docs/2.1/mod/mod_ssl.html#sslcertificatechainfile So, with openssl s_client -connect smtp.privasphere.com:25 -debug -starttls smtp I do see that more than cert is sent: Certificate chain 0 s:/C=CH/ST=ZH/L=Zuerich/O=PrivaSphere AG/OU=Secure Messaging/CN=smtp.privasphere.com i:/C=CH/O=QuoVadis Trustlink Schweiz AG/OU=Issuing Certificate Authority/CN=QV Schweiz ICA 1 s:/C=CH/O=QuoVadis Trustlink Schweiz AG/OU=Issuing Certificate Authority/CN=QV Schweiz ICA i:/C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority but even with the debug option, only the leaf certificate is shown while I would like also see the others in the chain ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
