Re: Certificate chain validation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

You are asking two different questions.

 

The certificates that the *client* sends are specified by the various “use certficiate” API’s.  No chain is built.  See doc/man3/SSL_CTX_use_certificate.pod, especially the “use certificate chain file” API.

 

As for what the *server* does, it tries to use what the client sends and build a chain up to one of the certificates that is in the local, server, trust store.

 

The API’s are a bit different for 1.0.2 than for 1.1.0

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux