> Something fancier might be appropriate. There may be
> situations where a different chain is needed depending on
> the browser type. Is it even possible to detect the browser
> type before sending the cert chain?

Huh? Unless I've missed something, the cert chain is uniquely
determined by the final cert, isn't it?

I wouldn't have thought that. Suppose, of certs A, B, C, that C signs
B and B signs A. A is the final cert and lists B as issuer, so B
must sign A. But B might also be signed by D. So either of the
chains C,B,A or D,B,A would be valid. This can only work if the
issuer specifies a public key rather than a whole issuer cert.
I don't know for sure that x509 actually works that way.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
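
The scenario from the last reply, as an added example that is not part of the original thread: a Go program using the standard `crypto/x509` package (not OpenSSL) in which two roots C and D each issue a certificate for the same intermediate name B and the same key, and B's key signs leaf A. All names, keys and helper functions are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// issue returns a cert naming cn and binding pub, signed with key; a nil parent means self-signed root.
func issue(cn string, ca bool, pub any, parent *x509.Certificate, key *ecdsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(time.Hour), IsCA: ca, BasicConstraintsValid: true}
	if parent == nil {
		parent = t
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, pub, key))))
}
// buildDemo: roots C and D each certify the same name "B" and the same key; that key signs leaf A.
func buildDemo() (a, bViaC, bViaD, c, d *x509.Certificate) {
	newKey := func() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
	cKey, dKey, bKey, aKey := newKey(), newKey(), newKey(), newKey()
	c, d = issue("C", true, &cKey.PublicKey, nil, cKey), issue("D", true, &dKey.PublicKey, nil, dKey)
	bViaC, bViaD = issue("B", true, &bKey.PublicKey, c, cKey), issue("B", true, &bKey.PublicKey, d, dKey)
	return issue("A", false, &aKey.PublicKey, bViaC, bKey), bViaC, bViaD, c, d
}
// verifies reports whether leaf chains to root when only this one intermediate is offered.
func verifies(leaf, inter, root *x509.Certificate) bool {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters})
	return err == nil
}
func main() {
	a, bViaC, bViaD, c, d := buildDemo()
	fmt.Println("C,B,A:", verifies(a, bViaC, c), "D,B,A:", verifies(a, bViaD, d))
}
```

Leaf A records only the issuer name B (plus a key identifier), so which B certificate completes the chain depends on the intermediates and trust anchors available to the verifier.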