Hello,

We are looking for a potential tweak or customization of OpenSSL for an
existing project, and I was wondering if I could get your input.

Summary: we want to alter or configure OpenSSL so that it will pass the
entire cert chain for authentication instead of just the first certificate.
Passing just the first cert appears to be the default, which is not working
for our application, but we cannot figure out how to change that particular
setting so that the entire certificate chain is sent.

Background: We are trying to perform SMPP over SSL connectivity using Kannel
on the client side. We have made configuration changes on the Kannel side to
make it act as a client, and created a single cert file with the whole
certificate chain (signed certificate of the server, intermediate certs and
the root cert), which is currently deployed with Kannel. But client-side
authentication still fails, because OpenSSL, which handles the SSL at the
server, passes only the first certificate (in our case, the signed
certificate) to the server side and does not process beyond that. In fact,
OpenSSL must be configured to pass the entire chain (intermediate certs and
root cert), but it fails to do so. It turns out this is the default behavior
of OpenSSL. We found at
http://gagravarr.org/writing/openssl-certs/general.shtml that "In almost all
cases, OpenSSL will assume that there's only one certificate in a given
file. As such, it will generally only use the first certificate that it
finds, and will ignore all others." This is the behavior we are trying to
figure out how to chain.

Does anyone have any suggestions here? I would appreciate your feedback.

Thanks in advance,

Best Regards,

Fahim
