Re: OpenSSL server sending certificate chain(inc. root cert) during handshake

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Right, I realize it doesn't have to be sent, my questions are why is it sent and is there a way to force OpenSSL to not send it?

You may have answered the first question as to "why?". But is OpenSSL doing this just to make problems easier to diagnose? Are there other reasons?

More importantly, can I force OpenSSL to not send the root cert?

Thanks,

Jason


From: Sam Roberts <vieuxtech@xxxxxxxxx>
Sent: Friday, May 31, 2019 7:32 PM
To: Jason Schultz
Cc: openssl-users@xxxxxxxxxxx
Subject: Re: OpenSSL server sending certificate chain(inc. root cert) during handshake
 
The root cert is not used for validation, so it doesn't have to be
sent. However, sending it does no harm, and it is useful for humans
who are attempting to diagnose problems, it allows them to see what
what root cert they are expected to have locally for sucessful cert
chain validation.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux