Hi Nico, As described in OpenSSL documentation the 2 functions are equivalent:
SSL_set_client_CA_list() sets the list of CAs sent to the client when requesting a client certificate for the chosen ssl, overriding the setting valid for ssl's SSL_CTX object. SSL_CTX_add_client_CA() adds the CA name extracted from cacert to the list of CAs sent to the client when requesting a client certificate for ctx. The problem may be solved by sending two certificates to the client and it will check which one to verify regarding the CA issued the server certificate. SSL_CTX_load_verify_locations can't help because the certificates are stored in blob not in files. Regards -- View this message in context: http://openssl.6102.n7.nabble.com/2-Server-certificates-tp50872p50889.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
