ril 21, 2017 3:37 PM
To: openssl-users@openssl.org<mailto:openssl-users@openssl.org>
Subject: Re: [openssl-users] Certificate chain validation
You are asking two different questions.
The certificates that the *client* sends are specified by the various “use
certficiate” API’s. No chain is buil
ssl-users@openssl.org>
Subject: Re: [openssl-users] Certificate chain validation
On 21/04/2017 03:37, Lei Kong wrote:
>
> When validating a certificate issued by an intermediate certificate
> authority, I noticed that I need to install both the root and the
> intermediate CA certificate
You are asking two different questions.
The certificates that the *client* sends are specified by the various “use
certficiate” API’s. No chain is built. See
doc/man3/SSL_CTX_use_certificate.pod, especially the “use certificate chain
file” API.
As for what the *server* does, it tries to use
org<mailto:openssl-users@openssl.org>
Subject: Re: [openssl-users] Certificate chain validation
On 21/04/2017 03:37, Lei Kong wrote:
>
> When validating a certificate issued by an intermediate certificate
> authority, I noticed that I need to install both the root and the
> interm
To: openssl-users@openssl.org
Subject: [openssl-users] Certificate chain validation
When validating a certificate issued by an intermediate certificate authority,
I noticed that I need to install both the root and the intermediate CA
certificate locally (with update-ca-certificates on ubuntu 16.04
On 21/04/2017 03:37, Lei Kong wrote:
When validating a certificate issued by an intermediate certificate
authority, I noticed that I need to install both the root and the
intermediate CA certificate locally (with update-ca-certificates on
ubuntu 16.04). Verification fails if only root CA cert
When validating a certificate issued by an intermediate certificate authority,
I noticed that I need to install both the root and the intermediate CA
certificate locally (with update-ca-certificates on ubuntu 16.04). Verification
fails if only root CA cert is installed (intermediate is not insta