[openssl-users] How to use RSA certificate and ECC certificate simutaneously

maoly527 at 163.com
Fri Nov 23 07:14:33 UTC 2018


Hi Viktor,


>Do you then add chain certificates one by one?
Yes, and SSL_CTX_use_certificate() also works in multiple certificate types on 1.0.2. Many thanks, Jane


在 2018-11-22 01:24:06,"Viktor Dukhovni" <openssl-users at dukhovni.org> 写道:
>> On Nov 21, 2018, at 3:11 AM, 毛 <maoly527 at 163.com> wrote:
>> 
>> We are using SSL_CTX_use_certificate() instead of 
>> SSL_CTX_use_certificate_chain_file().
>
>Do you then add chain certificates one by one?
>
>> Does it also support multiple certificate chains?
>
>I believe it will work correctly in 1.1.x, and perhaps in 1.0.2, but
>it has been a while since I've looked at the details.  Check the
>documentation and if necessary the source code.  If the documentation
>fails to describe this adequately, please open an issue on Github.
>
>> And as I know, OpenSSL 1.0.2 and later have a separate chain store for
>> each type of certificate (RSA, ECC or DSA), Is there any bad impact to
>> call it multiple times for same type of certificate?
>
>No, but only the last key/cert loaded for a given algorithm will be
>used, any previous setting will be replaced.  Make sure always load
>both to avoid having a certificate that does not match the private key.
>
>-- 
>-- 
>	Viktor.
>
>-- 
>openssl-users mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181123/b153d498/attachment.html>


More information about the openssl-users mailing list