[openssl-users] Certificate chain validation
Salz, Rich
rsalz at akamai.com
Fri Apr 21 22:37:09 UTC 2017
You are asking two different questions.
The certificates that the *client* sends are specified by the various “use certficiate” API’s. No chain is built. See doc/man3/SSL_CTX_use_certificate.pod, especially the “use certificate chain file” API.
As for what the *server* does, it tries to use what the client sends and build a chain up to one of the certificates that is in the local, server, trust store.
The API’s are a bit different for 1.0.2 than for 1.1.0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170421/0a03335f/attachment-0001.html>
More information about the openssl-users
mailing list