Hello,

Can s_client be used to send additional certificates (i.e. certificates that 
are not part of the chain for the current connection)?

I am trying to do the following (pseudocode):

s_client -key myclient.key -cert myclient.cer -verifyCAfile expectedserverCA 
-connect server:port -fileAdditionalCertsToSend othercerts

The -fileAdditionalCertsToSend does not exist but I'd like to mimic this if 
possible.

The options -cert_chain and -build_chain don't seem to be what I want because I 
want s_client to send the additional certificates regardless, not attempt to 
build any chain using them.

-cert_chain
A file or URI of untrusted certificates to use when attempting to build the 
certificate chain related to the certificate specified via the -cert option. 
The input can be in PEM, DER, or PKCS#12 format.

-build_chain
Specify whether the application should build the client certificate chain to be 
provided to the server.

For additional context - the server is expecting the chain [client1,ca1] but 
the extended verification logic suggests I might be able to connect using 
[client2, ca2] - because of the way the server builds and validates a chain 
from the list of untrusted certs presented by the client.
 
My pseudo usage of s_client equates to:

s_client -key client2.key -cert client2.cer -verifyCAfile expectedserverCA 
-connect server:port -fileAdditionalCertsToSend [client1, ca1]

Kind regards
Andrew