On 19.02.2014 20:23, Dr Stephen Henson wrote: > However for that to work it needs application support either explicitly by > using > SSL_CTX_add0_chain_cert or via the use of SSL_CTX_use_cetificate_chain_file > which uses this transparently in OpenSSL 1.0.2. I just checked and httpd > currently doesn't use either of these but an enhancement to tidy up > certificate > handling by Kaspar Brand does use SSL_CTX_use_certificate_chain_file.
That's part of the mod_ssl backport proposal currently in 2.4.x/STATUS. (A previous version had a vote from jorton, but I'm not sure if he's willing to refresh that... perhaps people feel uneasy with getting this into 2.4.8? A third vote would be needed in any case.) Kaspar