Hi Viktor, Many thanks for your response.
We are using SSL_CTX_use_certificate() instead of SSL_CTX_use_certificate_chain_file(). Does it also support multiple certificate chains?
And as I know, OpenSSL 1.0.2 and later have a separate chain store for each type of certificate (RSA, ECC or DSA),
Is there any bad impact to call it multiple times for same type of certificate?
Is there any bad impact to call it multiple times for same type of certificate?
Best Regards,
Jane
At 2018-11-20 23:44:59, "Viktor Dukhovni" <openssl-users@xxxxxxxxxxxx> wrote: >> On Nov 20, 2018, at 9:48 AM, maoly527 <maoly527@xxxxxxx> wrote: >> >> Does anyone know how to use RSA and ECC certificate simultaneously in one server? > >You just configure two private keys and two certificate chains by calling: > > if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) { > /* error */; > } > if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) { > /* error */; > } > if (SSL_CTX_check_private_key(ctx) != 0) { > /* error */; > } > >once for each "cert_file" and associated "key_file" (the same file often >holds both, in which case cert_file == key_file). The SSL error stack >will contain error details. > >The SSL library will automatically select the appropriate key and certificate >chain. > >-- > Viktor. > >-- >openssl-users mailing list >To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
