Paul Rubin schrieb:
>
> > What do you suggest for supporting this in mod_ssl, Bodo?
> > Via an explicit SSLCACertChain or whatever directive? Or implicitly?
>
> The behaviour that makes most sense, I think, is if you just have to
> append the CA certificate(s) to the usual certificate file.
>
> Something fancier might be appropriate. There may be situations where
> a different chain is needed depending on the browser type. Is it even
> possible to detect the browser type before sending the cert chain?
Sorry, impossible. That would require to detect some fingerprint
in the ClientHello msg of the browser. This is neither specified
somewhere nor by mistake "implemented" in some browsers ;-)
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 Erfurt WWW.SmartRing.de
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
