(ITS#8586) load cert+chain from TLSCertificateFile
Full_Name: Andreas Schulze
Version: RE24 testing call (2.4.45)
Submission from: (NULL) (2001:a60:f0b4:e502:80b6:610b:8fc2:abfe)
As discussed on the technical ML, it's uncommon to put chain certificates in
TLSCACertificateFile or TLSCACertificatePath. In case of an intermediate CA like
"Let's Encrypt Authority X3" it may be wrong because the user is forced to
/TRUST/ that intermediate for an unrelated purpose.
SSL_CTX_use_certificate_chain_file() should be used instead of the
SSL_CTX_use_certificate_file() function in order to allow the use of complete
certificate chains even when no trusted CA storage is used or when the CA
issuing the certificate shall not be added to the trusted CA storage.
The patch andreas-schulze-20170211.patch only applies to OpenSSL.