<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Dear Sir/Madam,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I have an application which acting as SSL server. When the application loads the root and intermediate CA files from a CA path, the handshake between my application and openssl client was failed at the point when my application was authenticating
the client’s certificate. But when I bound the root CA and intermediate CA into a single pem file and reload it from my application, the handshake is successful. Could anybody help me resolve this issue? Below is the sample of my application code for loading
the CA certificates:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">if (SSL_CTX_load_verify_locations(ctx, caFile, caPath) != 1) {<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> exit;<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">}<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">if (SSL_CTX_set_default_verify_paths(ctx) != 1) {<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> exit;<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">}<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">if (SSL_CTX_use_certificate_chain_file(ctx, certFile) != 1) {<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> exit;<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">}<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">if (SSL_CTX_use_PrivateKey_file(ctx, keyFile, SSL_FILETYPE_PEM) != 1) {<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> exit;<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">}<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">SSL_CTX_set_verify_depth(ctx, chainDepths);<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, callback);<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal">Thank you very much!<o:p></o:p></p>
<p class="MsoNormal">Bob<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>