Hi Viktor,
>Do you then add chain certificates one by one?
Yes, and SSL_CTX_use_certificate() also works in multiple certificate types on 1.0.2. Many thanks, Jane
Yes, and SSL_CTX_use_certificate() also works in multiple certificate types on 1.0.2. Many thanks, Jane
在 2018-11-22 01:24:06,"Viktor Dukhovni" <openssl-users@xxxxxxxxxxxx> 写道: >> On Nov 21, 2018, at 3:11 AM, 毛 <maoly527@xxxxxxx> wrote: >> >> We are using SSL_CTX_use_certificate() instead of >> SSL_CTX_use_certificate_chain_file(). > >Do you then add chain certificates one by one? > >> Does it also support multiple certificate chains? > >I believe it will work correctly in 1.1.x, and perhaps in 1.0.2, but >it has been a while since I've looked at the details. Check the >documentation and if necessary the source code. If the documentation >fails to describe this adequately, please open an issue on Github. > >> And as I know, OpenSSL 1.0.2 and later have a separate chain store for >> each type of certificate (RSA, ECC or DSA), Is there any bad impact to >> call it multiple times for same type of certificate? > >No, but only the last key/cert loaded for a given algorithm will be >used, any previous setting will be replaced. Make sure always load >both to avoid having a certificate that does not match the private key. > >-- >-- > Viktor. > >-- >openssl-users mailing list >To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
