[openssl-dev] Certificate chain issue.
asmarner at yahoo.com
asmarner at yahoo.com
Sun Aug 28 14:54:09 UTC 2016
I am using SSL_CTX_use_certificate_chain_file() to load the certificate chain.
Due to some issue, my certificate chain file has the following (please look at the stray character "?")
-----BEGIN CERTIFICATE-----
Base-64 data of server
-----END CERTIFICATE-----
?-----BEGIN CERTIFICATE-----
Base-64 data of Int CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Base-64 data of Root CA
-----END CERTIFICATE-----
?
I see that the certificate immediately following the "?" is getting not delivered during handshake; in this case certificate of Intermediate CA.
Was going through https://www.irt.org/rfc/rfc7468.htm
############################################################### Textual encoding begins with a line comprising "-----BEGIN ", a
label, and "-----", and ends with a line comprising "-----END ", a
label, and "-----". Between these lines, or "encapsulation
boundaries", are base64-encoded data according to Section 4 of
[RFC4648]. (PEM [RFC1421] referred to this data as the "encapsulated
Josefsson & Leonard Standards Track [Page 3]
RFC 7468 PKIX Textual Encodings April 2015
text portion".) Data before the encapsulation boundaries are
permitted, and parsers MUST NOT malfunction when processing such data.########################################################################Could someone please comment on this one?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160828/b7fc6e66/attachment-0001.html>
More information about the openssl-dev
mailing list