Hi all,
I am using server certificate "X" problematically with following API for each
SSL * session. X is dynamically generated for each client, when its CA(s)
as always same.
SSL_use_certificate(this_ssl, X);
It works fine when there is single CA certificate "A" who sign "X",
but when I want to use intermediate CA "B" child of "A", then
I am sure above API wont work.
To make it work I found following APIs from documentation.
1) int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
2) long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509)
3) int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
But seems 1 & 2 both works only on SSL_CTX *while I need API that work on SSL *
, I want to give different certificate chain for each client.
And 3 wont be applicable for me as I am loading certificates from memory and not
from the file.
Have anybody any idea how to load several certificates to SSL *ssl, to form
complete Chain (note: I have my all CA certificates "A" and "B" in memory).
Thanks,
Saurabh
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
