On Tue, 2009-06-02 at 21:39 -0400, Victor Duchovni wrote:
> The CAfile is for verification, not for sending along the trust chain
> of a given certificate.

OpenSSL currently _does_ use the CAfile for sending along the trust
chain of its client certificate. It's buggy, but it tries :)

> DO NOT append your CAfile to your certificate, instead include just
> the leaf cert, then the issuing CAs bottom-up in the right order.

AFAICT that doesn't make any difference -- OpenSSL doesn't use them from
there anyway (unless it's a PKCS#12 file, but the client application has
to handle all that manually anyway).

-- 
dwmw2

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
