On Mon, Sep 12, 2016 at 11:16 PM, Ian Sutton <i...@ce.gl> wrote:
> httpd currently fails to serve over TLS if the certificate file
> specified in httpd.conf contains an intermediate certificate ahead of
> the site's certificate. httpd still starts with no error indication
> (with rcctl) but `httpd -d` shows:

Hmm. What wording of the documentation suggested that multiple certificates should or *could* be placed in that file? The manpage says

    certificate file
        Specify the certificate to use for this server. The file
        should contain a PEM encoded certificate. The default is
        /etc/ssl/server.crt.

It doesn't say how it behaves if there are multiple certificates in the file, so why do you think the current behavior is wrong? More precisely, since it *doesn't* say *which* cert in the file it would use when there are multiple, it may use any of them. If the one it chose didn't match the key that you provided then yeah, it'll fail. So, as the old joke goes, "don't do that!"

Having looked at the source, I *think* I know which it'll use as the server cert, and what it'll do with other certs in the file, but a) I haven't tested it and b) more importantly, reyk@ hasn't documented a behavior and thereby decided it's supported, in some sense.

Philip Guenther
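A pre-deployment check for the situation Ian describes, added here as an example that is neither part of this thread nor httpd's own code: it splits a PEM file into its CERTIFICATE blocks, pulls issuer and subject out of each with a minimal DER walk, and reports when an intermediate has been placed ahead of the site certificate. The `fake_cert` fixtures at the end are constructed, unsigned, certificate-shaped DER used only to exercise the check; they are not real certificates.

```python
import base64
import re

def der_tlv(data, pos=0):  # read one DER element at data[pos] -> (tag, value, bytes_used)
    tag, length, hdr = data[pos], data[pos + 1], 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, hdr = int.from_bytes(data[pos + 2:pos + 2 + n], "big"), 2 + n
    return tag, data[pos + hdr:pos + hdr + length], hdr + length

def der_children(body):  # top-level (tag, value) elements inside a SEQUENCE/SET body
    out, pos = [], 0
    while pos < len(body):
        tag, val, used = der_tlv(body, pos)
        out.append((tag, val))
        pos += used
    return out

def cert_names(cert_der):  # (issuer, subject) as raw DER Name bytes, per RFC 5280 TBSCertificate
    fields = der_children(der_children(der_tlv(cert_der)[1])[0][1])
    if fields[0][0] == 0xA0:  # optional [0] EXPLICIT version
        fields = fields[1:]
    return fields[2][1], fields[4][1]  # serial, sigAlg, issuer, validity, subject, ...

def split_pem(text):
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", text, re.S)
    return [base64.b64decode("".join(b.split())) for b in blocks]

def check_cert_file(pem_text):
    """'ok' when the first block is the leaf and every cert is followed by its issuer."""
    names = [cert_names(d) for d in split_pem(pem_text)]
    for i in range(len(names) - 1):
        (issuer, subject), (next_issuer, next_subject) = names[i], names[i + 1]
        if issuer == next_subject:
            continue
        if subject == next_issuer:
            return f"reversed: block {i} issued block {i + 1}, so the site certificate is not first"
        return f"broken: blocks {i} and {i + 1} are unrelated"
    return "ok"

# Constructed fixtures: unsigned, certificate-shaped DER (not real certificates), for demonstration.
def der(tag, body):  # short-form length only; the fixtures stay well under 128 bytes
    return bytes([tag, len(body)]) + body

def fake_cert(subject, issuer):
    name = lambda s: der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, s.encode()))))
    tbs = (der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"")
           + name(issuer) + der(0x30, b"") + name(subject) + der(0x30, b""))
    return der(0x30, der(0x30, tbs) + der(0x30, b"") + der(0x03, b"\x00"))

def to_pem(cert_der):
    b64 = base64.b64encode(cert_der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64)) + "\n-----END CERTIFICATE-----\n"
```

Run `check_cert_file(open("/etc/ssl/server.crt").read())` against a real file; a "reversed" result is exactly the ordering that produced the failure in the report above.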