Hi Viktor, Many thanks for your response.
We are using SSL_CTX_use_certificate() instead of
SSL_CTX_use_certificate_chain_file(). Does it also support multiple certificate
chains?
And as I know, OpenSSL 1.0.2 and later have a separate chain store for each
type of certificate (RSA, ECC or DSA),
Is there any bad impact to call it multiple times for same type of certificate?
Best Regards,
Jane
At 2018-11-20 23:44:59, "Viktor Dukhovni" <openssl-us...@dukhovni.org> wrote:
>> On Nov 20, 2018, at 9:48 AM, maoly527 <maoly...@163.com> wrote:
>>
>> Does anyone know how to use RSA and ECC certificate simultaneously in one
>> server?
>
>You just configure two private keys and two certificate chains by calling:
>
> if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) {
> /* error */;
> }
> if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
> /* error */;
> }
> if (SSL_CTX_check_private_key(ctx) != 0) {
> /* error */;
> }
>
>once for each "cert_file" and associated "key_file" (the same file often
>holds both, in which case cert_file == key_file). The SSL error stack
>will contain error details.
>
>The SSL library will automatically select the appropriate key and certificate
>chain.
>
>--
> Viktor.
>
>--
>openssl-users mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
