[openssl-users] How to use RSA certificate and ECC certificate simutaneously
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Nov 21 17:24:06 UTC 2018
> On Nov 21, 2018, at 3:11 AM, 毛 <maoly527 at 163.com> wrote:
>
> We are using SSL_CTX_use_certificate() instead of
> SSL_CTX_use_certificate_chain_file().
Do you then add chain certificates one by one?
> Does it also support multiple certificate chains?
I believe it will work correctly in 1.1.x, and perhaps in 1.0.2, but
it has been a while since I've looked at the details. Check the
documentation and if necessary the source code. If the documentation
fails to describe this adequately, please open an issue on Github.
> And as I know, OpenSSL 1.0.2 and later have a separate chain store for
> each type of certificate (RSA, ECC or DSA), Is there any bad impact to
> call it multiple times for same type of certificate?
No, but only the last key/cert loaded for a given algorithm will be
used, any previous setting will be replaced. Make sure always load
both to avoid having a certificate that does not match the private key.
--
--
Viktor.
More information about the openssl-users
mailing list