[openssl-users] Certificate chain validation

Salz, Rich rsalz at akamai.com
Fri Apr 21 22:37:09 UTC 2017

You are asking two different questions.

The certificates that the *client* sends are specified by the various “use certficiate” API’s.  No chain is built.  See doc/man3/SSL_CTX_use_certificate.pod, especially the “use certificate chain file” API.

As for what the *server* does, it tries to use what the client sends and build a chain up to one of the certificates that is in the local, server, trust store.

The API’s are a bit different for 1.0.2 than for 1.1.0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170421/0a03335f/attachment-0001.html>

More information about the openssl-users mailing list