> From: openssl-dev On Behalf Of [email protected]
> Sent: Wednesday, January 28, 2015 00:08

This is a basic user question, not dev.

> I want to connect with different SSL servers. So I need to load different Server CA certs into SSL Context.

If the servers are (or may be) using different CAs, yes.

> Is it possible to load different server CA certs of different SSL servers in a single SSL Context?
> If yes, when I am connecting with SSL server, SSL client can traverse all the CA certificates
> in the SSL context, and can find the CA certificate that is fit for the Server URL?

Yes. There are actually two mechanisms. For CAfile, all the certs are loaded into memory, and the lookup just searches them. For CApath, the certs are left on disk, with filenames using hashes of the canonical subject names; lookup takes the hash of the needed CA, and reads the file(s) if any for that hash to find it.

See the manpage on your system or at https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html . Also https://www.openssl.org/docs/apps/verify.html for some more details.
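The two lookup mechanisms described in the reply above, shown with the `openssl` command-line tool as an added example that is not part of the original thread: `openssl verify -CAfile` and `-CApath` take the same two kinds of trust store as the `CAfile` and `CApath` arguments of `SSL_CTX_load_verify_locations`. The CA names (caA, caB, caC), leaf names and temporary directory are constructed for the demo.

```shell
#!/bin/sh
# Added example: constructed throwaway CAs (caA, caB, caC) and leaves; nothing is from the thread.
set -eu

new_ca() {      # $1 = CA name -> self-signed root $1.pem, key $1.key
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

new_leaf() {    # $1 = leaf name, $2 = issuing CA name -> $1.pem signed by $2
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

build_stores() {   # $1 = work dir -> bundle.pem (CAfile) and capath/ (CApath)
    mkdir -p "$1/capath"
    (
        cd "$1"
        new_ca caA; new_ca caB; new_ca caC      # caC is deliberately left untrusted
        new_leaf leafA caA; new_leaf leafB caB; new_leaf leafC caC
        # CAfile: all trusted CAs concatenated in one PEM file, loaded into memory.
        cat caA.pem caB.pem > bundle.pem
        # CApath: one file per CA named <subject-hash>.0, read from disk on lookup.
        for ca in caA caB; do
            h=$(openssl x509 -noout -subject_hash -in "$ca.pem")
            cp "$ca.pem" "capath/$h.0"
        done
    )
}

# $1 = work dir, $2 = leaf name; exit status 0 means the chain verified.
trusted_by_cafile() { openssl verify -CAfile "$1/bundle.pem" "$1/$2.pem" >/dev/null 2>&1; }
trusted_by_capath() { openssl verify -CApath "$1/capath" "$1/$2.pem" >/dev/null 2>&1; }

demo() {
    d=$(mktemp -d)
    build_stores "$d"
    for leaf in leafA leafB leafC; do
        trusted_by_cafile "$d" "$leaf" && f=ok || f=rejected
        trusted_by_capath "$d" "$leaf" && p=ok || p=rejected
        echo "$leaf: CAfile=$f CApath=$p"
    done
    rm -rf "$d"
}
demo
```

On a real directory of CA certificates, `openssl rehash` (or the older `c_rehash` script) creates the `<hash>.0` names instead of the manual loop used here.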
