There's one additional case that isn't covered solely by the use of SSL_CTX_add_extra_chain_cert().
That is when the application does not want to send *any* additional certificates. This might happen, for example, when:

1. The certificate chain has two certificates in it.
2. The root CA is also in the trusted CA store, meaning the auto chain build would always send it.
3. The application wants to omit the root CA from the sent chain.

So to cover this case a new flag is needed: SSL_MODE_NO_AUTO_CHAIN. This means that the new behaviour is to disable auto chain build if either the flag is set or any extra certificates have been added.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List
