> On Nov 8, 2016, at 4:26 AM, Erwann Abalea <erwann.aba...@docusign.com> wrote:
>
> The root certificate is not expected to be sent by the server, as it already
> needs to be known and trusted by the client.
> However, you’re free to configure your server to send it, for debugging or
> informational purposes.
A root CA certificate MUST be sent when the server's DANE-TA(2)
TLSA record designates that root as a trust-anchor.
https://tools.ietf.org/html/rfc7671#section-5.2
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
