I am using SSL_CTX_use_certificate_chain_file() to load the certificate chain.
Due to some issue, my certificate chain file has the following (please look at 
the stray character "?")

-----BEGIN CERTIFICATE-----
    Base-64 data of server
-----END CERTIFICATE-----
?-----BEGIN CERTIFICATE-----
    Base-64 data of Int CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
    Base-64 data of Root CA
-----END CERTIFICATE-----
?
I see that the certificate immediately following the "?" is getting not 
delivered during handshake; in this case certificate of Intermediate CA.

Was going through https://www.irt.org/rfc/rfc7468.htm
############################################################### Textual 
encoding begins with a line comprising "-----BEGIN ", a
   label, and "-----", and ends with a line comprising "-----END ", a
   label, and "-----".  Between these lines, or "encapsulation
   boundaries", are base64-encoded data according to Section 4 of
   [RFC4648].  (PEM [RFC1421] referred to this data as the "encapsulated



Josefsson & Leonard          Standards Track                    [Page 3]


RFC 7468                 PKIX Textual Encodings               April 2015


   text portion".)  Data before the encapsulation boundaries are
   permitted, and parsers MUST NOT malfunction when processing such 
data.########################################################################Could
 someone please comment on this one?



-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to