On Tue, Nov 12, 2002 at 01:58:50PM +0530, [EMAIL PROTECTED] wrote:
> if we have scenerio where root CA gives certificates to SubCA which in turn
> gives certifcates to our server.
> what all the server shud give in the handshake ( both the SubCA and server
> certifcates or only server certificate or
> all the three rootCA , SubCA and server certificates.)
>
> what shud we load in the SSl_CTX_use_certificate_chain_file()
> and what shud load in the SSL_CTX_load_verify_locations() at the client
> side
The server MUST send server cert and SubCA cert, both to be specified
with the SSL_CTX_use_certificate_chain_file() function.
The server MAY send additionally the root CA cert. (I would recommend
to send it for completeness with respect to other people contacting
your server, but it is not required).
On the client side you only should load the rootCA cert with
SSL_CTX_load_verify_locations().
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
