We are writing our server using openssl-0.9.4. If I understand it
correctly, here is how to do chain cert and client auth on the server
side.
o chain cert
  Put the server cert and all CAs in a single file and use
  "SSL_CTX_use_certificate_chain_file".
  The order of certs in the file is very important. The first cert
  must be the leaf, and the next is the one which signs the previous cert.
o client auth
  Put all client CAs in a single file and use those functions:
    SSL_CTX_set_verify(...);
    SSL_CTX_load_verify_locations(....); /* load client CAs here */
    SSL_CTX_set_default_verify_paths(...);
Well, there is more work to do. mod_ssl has a good sample.
Basically, I would like to verify how to handle the server side CAs
and the client side CAs. Please correct me if my understanding is wrong.
Thanks.
--Yunhong
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]