But if it won’t trust that copy, that invalidates the chain, right?

On Sun, Jul 9, 2017 at 9:48 AM Heiko Schlittermann <h...@schlittermann.de> wrote:
> Alexander Dalloz <ad+li...@uni-x.org> (So 09 Jul 2017 13:14:56 CEST):
> …
> > It is wrong to send the root CA along with the intermediate and server
> > certificates. The root CA cert must be in the CA trust bundle of the
> > client.
>
> I wouldn't say it is wrong. But it should be useless, as the client
> won't trust the root CA it received. The client should trust only its
> copy of the root CA.
>
> Best regards from Dresden/Germany
> Viele Grüße aus Dresden
> Heiko Schlittermann
> --
> SCHLITTERMANN.de ---------------------------- internet & unix support -
> Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
> gnupg encrypted messages are welcome --------------- key ID: F69376CE -
> ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
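
Added example, not part of the thread: a throwaway three-level PKI checked with `openssl verify`, where `-untrusted` stands in for the certificates the server sends and `-CAfile` for the client's own trust bundle. The certificate names, the `mk_cert`/`build_pki`/`verify_chain` helpers and the temporary paths are constructed for illustration; it assumes OpenSSL 1.1.0 or later with its default config file.

```shell
#!/usr/bin/env bash
# Constructed PKI (hypothetical names): Example Root -> Example Intermediate -> server.

mk_cert() {  # mk_cert <dir> <name> <CN> <extfile> [issuer-name]; no issuer = self-signed
  d=$1; n=$2
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  if [ -n "${5:-}" ]; then
    openssl x509 -req -in "$d/$n.csr" -CA "$d/$5.pem" -CAkey "$d/$5.key" \
      -CAcreateserial -days 2 -extfile "$d/$4" -out "$d/$n.pem" 2>/dev/null
  else
    openssl x509 -req -in "$d/$n.csr" -signkey "$d/$n.key" -days 2 \
      -extfile "$d/$4" -out "$d/$n.pem" 2>/dev/null
  fi
}

build_pki() {  # build_pki <dir>
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/ca.ext"
  printf 'basicConstraints=critical,CA:FALSE\n' > "$1/leaf.ext"
  mk_cert "$1" root   "Example Root"         ca.ext &&
  mk_cert "$1" inter  "Example Intermediate" ca.ext root &&
  mk_cert "$1" server "server.example.test"  leaf.ext inter
}

# verify_chain <dir> <root in client trust bundle: yes|no> <root sent by server: yes|no>
verify_chain() {
  cp "$1/inter.pem" "$1/sent.pem"            # the server always sends the intermediate
  if [ "$3" = yes ]; then cat "$1/root.pem" >> "$1/sent.pem"; fi
  if [ "$2" = yes ]; then
    # Trust anchor comes only from the client's own bundle (-CAfile).
    openssl verify -no-CApath -CAfile "$1/root.pem" -untrusted "$1/sent.pem" "$1/server.pem"
  else
    # The root is present only in the received chain, which is never a trust anchor.
    openssl verify -no-CApath -no-CAfile -untrusted "$1/sent.pem" "$1/server.pem"
  fi >/dev/null 2>&1
}

work=$(mktemp -d)
build_pki "$work"
for c in "yes yes" "yes no" "no yes"; do
  set -- $c
  if verify_chain "$work" "$1" "$2"; then r=OK; else r=FAIL; fi
  echo "root in client bundle=$1, root sent by server=$2 -> $r"
done
rm -rf "$work"
```
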