Hi , I was looking at ur posting. I didn't find any reply to this.
I have few doubts. 1. if server certificate is signed by some X and root CA issued certificate to X. then what should be passed to the function call SSL_CTX_use_certificate_chain_file() should i pass only the server certificate or file having both certificates of X and server or file having root CA certificate, X certificate and server certificate. 2. in the above scenerio what shud be passed to SL_CTX_load_verify_locations() at the client side which is interested in verifying the server certificate. whether it should be loaded with X certificate or file having both X certificate and root CA certificate. 3. and let me know what shud passed to SSL_CTX_use_certificate_chain_file() at server side and what shud be passed to SL_CTX_load_verify_locations() client side for self signed certificates thanks in advance. with regds ajay kumar When using OpenSSL v.0.9.6 and calling SSL_CTX_use_certificate_chain_file() and supplying a .PEM file containing the server cert and signing certs, the signing root certs do not appear to be sent to the client when using s_client -showcerts. Is the chain file a series of concatenated PEM files similar to a file = passed to SSL_CTX_load_verify_locations()? Does one need to make additional function call(s)? I am not getting an error return from the chain call. I've read the help docs linked around http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html# My file is sorted starting with the server cert and going up to the root cert. I am not calling SSL_CTX_load_verify_locations() within my server because I'm not expecting client certs and the help docs do not indicate this is required. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
