> On Nov 21, 2018, at 3:11 AM, 毛 <maoly527@xxxxxxx> wrote:
>
> We are using SSL_CTX_use_certificate() instead of
> SSL_CTX_use_certificate_chain_file().

Do you then add chain certificates one by one?

> Does it also support multiple certificate chains?

I believe it will work correctly in 1.1.x, and perhaps in 1.0.2, but it has been a while since I've looked at the details. Check the documentation and if necessary the source code. If the documentation fails to describe this adequately, please open an issue on GitHub.

> And as I know, OpenSSL 1.0.2 and later have a separate chain store for
> each type of certificate (RSA, ECC or DSA). Is there any bad impact to
> call it multiple times for same type of certificate?

No, but only the last key/cert loaded for a given algorithm will be used, any previous setting will be replaced. Make sure to always load both to avoid having a certificate that does not match the private key.

--
Viktor.
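A pre-deployment check for the two points in the reply above (a key that matches its certificate, and a later pair replacing an earlier one of the same algorithm), added here as an example and not part of the original thread. It assumes the `openssl` command-line tool is installed; the function names, the `cert:key` argument format and the use of the certificate's "Public Key Algorithm" line as a stand-in for OpenSSL's per-algorithm slot are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the thread): audit cert/key pairs before loading them.

# Constructed sample data: throwaway self-signed pair; $2 is "rsa" or "ec".
make_pair() {
    if [ "$2" = ec ]; then
        openssl ecparam -name prime256v1 -genkey -noout -out "$1.key"
    else
        openssl genrsa -out "$1.key" 2048
    fi 2>/dev/null
    openssl req -x509 -new -key "$1.key" -subj "/CN=example.test" \
        -days 1 -out "$1.crt" 2>/dev/null
}

# Certificate's key algorithm, e.g. rsaEncryption or id-ecPublicKey.
# Assumption: used here as a stand-in for OpenSSL's per-algorithm slot.
cert_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Succeeds only when the certificate's public key is the key's public half.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Arguments: cert:key pairs in the order the application loads them
# (paths must not contain ':'). Prints OK, MISMATCH or REPLACES per pair;
# REPLACES means an earlier pair of the same algorithm would no longer be used.
audit_pairs() {
    seen="" rc=0
    for pair in "$@"; do
        cert=${pair%%:*} key=${pair#*:}
        alg=$(cert_alg "$cert")
        if ! pair_matches "$cert" "$key"; then
            echo "MISMATCH $alg $cert $key"; rc=1; continue
        fi
        case " $seen " in
            *" $alg "*) echo "REPLACES $alg $cert"; rc=1 ;;
            *) echo "OK $alg $cert"; seen="$seen $alg" ;;
        esac
    done
    return $rc
}
```

`audit_pairs` returns non-zero when any pair is mismatched or would replace an earlier one, so it can gate a deployment step.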