On Fri, Oct 04, 2002 at 12:08:31AM -0700, Cory Albrecht wrote:
> 1) When I use SSL_[CTX_]set_client_CA_list() and
> SSL_[CTX_]add_client_CA(), am I asking that the other side return
> specifically one of them? Or am I asking for a certificate that can
> eventually be chained up to one in the list?

You are sending the list of CAs for which you are accepting client
certificates.

> 2) With SSL_CTX_add_extra_chain_cert(), do I have to add certificates
> in a specific order, explicitly specifying the chain myself? Or do the
> certs added with it and SSL_CTX_load_verify_locations() make more of a
> cloud that OpenSSL will use to figure out a chain for whatever I set
> with SSL_use_certificate()?

They must be specifically ordered and include the chain of certificates
required, not less and not more than that.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
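
An added example, not part of the original message and not OpenSSL code: a names-only model of the ordering rule from the answer to question 2, usable as a pre-deployment check on the order in which certificates would be passed to SSL_CTX_add_extra_chain_cert(). The certificates, the `check_chain` helper and the assumption that the peer already holds the trust anchor (so it is not sent) are all constructed for illustration; real issuer matching also involves key identifiers and signatures.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: only subject and issuer names, no real X.509 parsing. */
struct cert { const char *subject, *issuer; };

enum chain_status { CHAIN_OK, CHAIN_BROKEN_LINK, CHAIN_INCOMPLETE, CHAIN_EXTRA };

/* Constructed sample PKI: Root CA -> Policy CA -> Issuing CA -> server. */
static const char ANCHOR[] = "CN=Root CA";   /* assumed trusted by the peer */
static const struct cert LEAF    = { "CN=server.example", "CN=Issuing CA" };
static const struct cert ISSUING = { "CN=Issuing CA", "CN=Policy CA" };
static const struct cert POLICY  = { "CN=Policy CA", "CN=Root CA" };
static const struct cert ROOT    = { "CN=Root CA", "CN=Root CA" };

/*
 * leaf  : the certificate given to SSL_use_certificate()
 * extra : certificates in the order they would be handed to
 *         SSL_CTX_add_extra_chain_cert()
 * anchor: subject name of the CA the peer is assumed to trust already
 */
enum chain_status check_chain(const struct cert *leaf, const struct cert *extra,
                              size_t n, const char *anchor)
{
    const struct cert *prev = leaf;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(prev->issuer, anchor) == 0)
            return CHAIN_EXTRA;          /* chain already complete: "more" */
        if (strcmp(prev->issuer, extra[i].subject) != 0)
            return CHAIN_BROKEN_LINK;    /* misordered or unrelated cert */
        prev = &extra[i];
    }
    /* The last certificate sent must be issued by the anchor: "not less". */
    return strcmp(prev->issuer, anchor) == 0 ? CHAIN_OK : CHAIN_INCOMPLETE;
}

int main(void)
{
    const struct cert good[]    = { ISSUING, POLICY };
    const struct cert swapped[] = { POLICY, ISSUING };
    const struct cert surplus[] = { ISSUING, POLICY, ROOT };
    printf("good=%d swapped=%d short=%d surplus=%d\n",
           check_chain(&LEAF, good, 2, ANCHOR),
           check_chain(&LEAF, swapped, 2, ANCHOR),
           check_chain(&LEAF, good, 1, ANCHOR),
           check_chain(&LEAF, surplus, 3, ANCHOR));
    return 0;
}
```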
