On Tue, Apr 12, 2011 at 04:02:08PM -0400, Dave Thompson wrote: > The difference is that 's_client' has available the cert(s) sent > by the server, which can choose to send just the entity cert, > the full chain, or anywhere in between. www.google.com:443 > in particular sends the entity cert and the one intermediate > cert (Thawte SGC) which together with a Verisign root (obviously > in your truststore, see below) makes a complete chain.
Thanks for all your feedback. Lots of good details, thanks. Off to do more research... > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org -- Brian Reichert <reich...@numachi.com> BSD admin/developer at large ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
