<div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Hi Viktor,</div><div><br></div><div style="position:relative;zoom:1"></div><div id="divNeteaseMailCard"></div><div><span style="display: inline !important; float: none; background-color: transparent; color: rgb(0, 0, 0); font-family: arial; font-size: 14px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: pre-wrap; word-spacing: 0px; word-wrap: break-word;">>Do you then add chain certificates one by one?<br></span>Yes, and <span style="display: inline !important; float: none; background-color: transparent; color: rgb(0, 0, 0); font-family: arial; font-size: 14px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: pre-wrap; word-spacing: 0px; word-wrap: break-word;">SSL_CTX_use_certificate() also works in multiple certificate types on 1.0.2.
Many thanks,
Jane</span><br></div><pre><br>ÔÚ 2018-11-22 01:24:06£¬"Viktor Dukhovni" <openssl-users@dukhovni.org> дµÀ£º
>> On Nov 21, 2018, at 3:11 AM, ë <maoly527@163.com> wrote:
>>
>> We are using SSL_CTX_use_certificate() instead of
>> SSL_CTX_use_certificate_chain_file().
>
>Do you then add chain certificates one by one?
>
>> Does it also support multiple certificate chains?
>
>I believe it will work correctly in 1.1.x, and perhaps in 1.0.2, but
>it has been a while since I've looked at the details. Check the
>documentation and if necessary the source code. If the documentation
>fails to describe this adequately, please open an issue on Github.
>
>> And as I know, OpenSSL 1.0.2 and later have a separate chain store for
>> each type of certificate (RSA, ECC or DSA), Is there any bad impact to
>> call it multiple times for same type of certificate?
>
>No, but only the last key/cert loaded for a given algorithm will be
>used, any previous setting will be replaced. Make sure always load
>both to avoid having a certificate that does not match the private key.
>
>--
>--
> Viktor.
>
>--
>openssl-users mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
</pre></div><br><br><span title="neteasefooter"><p> </p></span>