Re: Re : Re: Re : Re: 2 Server certificates

2014-06-13 Thread Hafedh TRIMECHE
the chain by itself > > you can also create a single chain containing all your certificates (both CAs > and Roots, in any order) > once again the verification should be done transparently > > > let me know if it works, or if you already tried > > > - Mail d'

Re: Re : Re: Re : Re: 2 Server certificates

2014-06-13 Thread Hafedh TRIMECHE
Hi Nicolas, pit-ca issued another certificate to a client wanting to connect to the same server identified by secure.payerspot.com. I'm looking for a solution allowing two clients to connect to the same server using certificates issued by different CAs. In this case the client forces the server

Re: Re : Re: 2 Server certificates

2014-06-12 Thread Hafedh TRIMECHE
CApath); > -> the CApath should point to a folder where certificates of both CAs are > stored > > OpenSSL should be able to recover the certificate chain by itself > > Hope it works > Nico > > - Original message - > From: Hafedh TRIMECHE > To: opens

Re: 2 Server certificates

2014-06-12 Thread Hafedh TRIMECHE
s > To handle CA cert chain, you can use SSL_CTX_add_extra_chain_cert. > > do you expect a certificate from the client? > > - > Saurabh > > > On Thu, Jun 12, 2014 at 7:09 AM, Hafedh TRIMECHE > wrote: > > > Hi, > > I would implement an OpenSSL Server

Re: Re : Re: 2 Server certificates

2014-06-12 Thread Hafedh TRIMECHE
Hi Nico, As described in OpenSSL documentation the 2 functions are equivalent: SSL_set_client_CA_list() sets the list of CAs sent to the client when requesting a client certificate for the chosen ssl, overriding the setting valid for ssl's SSL_CTX object. SSL_CTX_add_client_CA() adds the CA name

Re: 2 Server certificates

2014-06-12 Thread Hafedh TRIMECHE
I used this Pascal procedure to handle other CAs: procedure TWEBStandaloneServer.InsertCA(CA,Root:UnicodeString); var x509 : pX509; begin { The next four functions are only useful for TLS/SSL servers. f_SSL_CTX_add_client_CA : function(C: PSSL_CTX; CaCert: PX509): Integer; cdecl

Re: 2 Server certificates

2014-06-12 Thread Hafedh TRIMECHE
cate from the client? > > - > Saurabh > > > On Thu, Jun 12, 2014 at 7:09 AM, Hafedh TRIMECHE > wrote: > > > Hi, > > I would implement an OpenSSL Server which can handle authentication > > initiated by 2 client certificates issued by 2 CAs: > > Client1 <

2 Server certificates

2014-06-11 Thread Hafedh TRIMECHE
Hi, I would implement an OpenSSL Server which can handle authentication initiated by 2 client certificates issued by 2 CAs: Client1 < CA1 < Root1 and Client2 < CA2 < Root2 Please how to achieve mutual authentication using some APIs: - X509_STORE_add_cert - SSL_CTX_add_extra_chain_cert - SSL_CTX_ad