There's one additional case that isn't covered solely by the use of
SSL_CTX_add_extra_chain_cert().

That is when the application does not want to send *any* additional
certificates. This might happen for example when:

1. The certificate chain has two certificates in it.

2. The root CA is also in the trusted CA store, meaning the auto chain
build would always send it.

3. The application wants to omit the root CA from the sent chain.

So to cover this case a new flag is needed: SSL_MODE_NO_AUTO_CHAIN. This
means that the new behaviour is to disable auto chain build if either
the flag is set or any extra certificates have been added.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
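
The rule described in the message above, as an added stand-alone model (not OpenSSL code and not part of the original post): it computes which certificates a server would send for the two-certificate case. All names (MODEL_NO_AUTO_CHAIN, server_cfg, build_sent_chain, sent_count) and the sample subjects are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Model only: hypothetical names, not OpenSSL's API or flag values. */
#define MODEL_NO_AUTO_CHAIN 0x1u
typedef struct { const char *subject, *issuer; } cert;
typedef struct {
    const cert *leaf, *extra, *store;  /* extra: added by the app; store: trusted CAs */
    int n_extra, n_store;
    unsigned mode;
} server_cfg;

static const cert *find_issuer(const server_cfg *c, const cert *x) {
    for (int i = 0; i < c->n_store; i++)
        if (strcmp(c->store[i].subject, x->issuer) == 0) return &c->store[i];
    return NULL;
}

/* Fill out[] with the subjects that would be sent; return how many. */
int build_sent_chain(const server_cfg *c, const char **out, int max) {
    int n = 0;
    if (max < 1) return 0;
    out[n++] = c->leaf->subject;
    /* Rule from the post: flag set OR any extra certs => no auto build. */
    if ((c->mode & MODEL_NO_AUTO_CHAIN) || c->n_extra > 0) {
        for (int i = 0; i < c->n_extra && n < max; i++)
            out[n++] = c->extra[i].subject;
        return n;
    }
    /* Auto build: follow issuer links through the trusted store
       until a self-signed cert, a missing issuer, or max is reached. */
    for (const cert *cur = c->leaf; n < max && strcmp(cur->subject, cur->issuer); ) {
        if (!(cur = find_issuer(c, cur))) break;
        out[n++] = cur->subject;
    }
    return n;
}

/* Constructed sample: leaf issued directly by a root that is also trusted. */
static const cert ROOT = { "CN=Example Root", "CN=Example Root" };
static const cert LEAF = { "CN=server.example", "CN=Example Root" };

int sent_count(unsigned mode, int n_extra) {
    const char *out[8];
    server_cfg c = { .leaf = &LEAF, .extra = &ROOT, .store = &ROOT,
                     .n_extra = n_extra, .n_store = 1, .mode = mode };
    return build_sent_chain(&c, out, 8);
}

int main(void) {
    printf("auto=%d flag=%d extra=%d\n", sent_count(0, 0),
           sent_count(MODEL_NO_AUTO_CHAIN, 0), sent_count(0, 1));
    return 0;
}
```

With no flag and no extra certificates the trusted root is appended automatically; with the flag set only the leaf is sent, which is the case that adding extra certificates alone cannot express.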
