> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dustin Oprea
> Sent: Tuesday, May 20, 2014 14:07

> On Tue, May 20, 2014 at 1:04 PM, David Li <dlipub...@gmail.com> wrote:
<snip>

> The code that you cited doesn't use SSL_CTX_use_certificate_chain_file.

You're right; I missed that in my answer. But use_cert does nearly the same things use_cchain does, so a SEGV in either is pretty likely the same bug.

> I'm new to this arena, too. However, I don't think the public-key should be in the trust chain.
> Make sure that's correct, and that you're only sending the one certificate into SSL_CTX_use_certificate_file.

The publickey is in the cert which is in the trust chain. But what the OP called "server key" is undoubtedly the privatekey, which is treated as an object in its own right (unlike the publickey) and which must (also) be configured in the server; openssl's treatment of PEM input allows you to use one file for both the cert (or chain) and the privatekey, and this is often convenient. That's exactly what 's_server -cert file1' without a separate '-key file2' does. Similarly if you call use_cert (not use_cchain) on a file that contains multiple certs, it takes the first one and ignores the rest. That may or may not be what you want in a particular case, but it is definitely not a SEGV.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
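
Added illustration, not code from this thread or from OpenSSL: a small Python inventory of a combined PEM file, reporting which blocks use_cert, use_cchain and the private-key loader would pick up under the behaviour described in the message above. The function names and the sample file (placeholder bodies, not real certificates or keys) are constructed for the example.

```python
import re

# One PEM block: BEGIN line, body, matching END line; group 1 is the label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def pem_labels(text):
    """Return the label of every PEM block in the text, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def loader_view(text):
    """Model (assumption, based on the message above) of what each loader
    takes from one PEM file: use_cert takes the first certificate and
    ignores the rest, use_cchain takes all of them, and the private key
    is a separate object that may live in the same file."""
    labels = pem_labels(text)
    certs = [i for i, lab in enumerate(labels) if lab == "CERTIFICATE"]
    # Covers "PRIVATE KEY", "RSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY", ...
    keys = [i for i, lab in enumerate(labels) if lab.endswith("PRIVATE KEY")]
    return {
        "use_cert_loads": certs[0] if certs else None,
        "use_cert_ignores": certs[1:],
        "use_cchain_loads": certs,
        "private_key_block": keys[0] if keys else None,
    }


def _block(label, body):
    """Build one constructed PEM block for the sample below."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed sample: leaf cert, intermediate cert and private key in one
# file. The bodies are placeholders, not real DER.
SAMPLE = (_block("CERTIFICATE", "TEVBRg==")
          + _block("CERTIFICATE", "SU5URVI=")
          + _block("PRIVATE KEY", "S0VZ"))

if __name__ == "__main__":
    print(pem_labels(SAMPLE))
    for name, value in loader_view(SAMPLE).items():
        print(f"{name}: {value}")
```

A non-empty `use_cert_ignores` list means the chain certificates in that file are not loaded when only use_cert is called on it.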
