On a tangent, this file format (and order) was actually finally standardized as "application/pem-certificate-chain" by RFC 8555 section 9.1 (the Automatic Certificate Management Environment protocol, or ACME).
On Wed, May 6, 2020 at 2:59 PM Michael Wojcik <michael.woj...@microfocus.com> wrote:
> Get rid of the call to use_certificate_file and put everything the server
> should be sending into the chain file, in the order described in the OpenSSL
> documentation: entity certificate, certificate for its issuer, and so on up
> to and including the root. (I've just noticed the docs don't say whether
> use_certificate_chain_file specifies SSL_BUILD_CHAIN_FLAG_NO_ROOT when it
> calls add1_chain_cert, so offhand I don't know whether this will cause the
> root to be included in the chain the server sends. But that shouldn't really
> matter.)
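
An added example, not part of the original message or of OpenSSL: a standard-library Python lint that checks a PEM chain file follows the order described in the quoted advice (entity certificate, then its issuer, and so on up). The function names and the unsigned sample certificates are constructed for illustration; the check compares issuer and subject names byte for byte and verifies no signatures.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def names(der):
    """Return the raw DER (issuer, subject) Names of one certificate."""
    _, pos, _ = tlv(der, 0)                 # Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)               # TBSCertificate SEQUENCE
    tag, _, end = tlv(der, pos)
    if tag == 0xA0:                         # optional [0] version
        pos = end
    fields = []
    for _ in range(5):                      # serial, sigalg, issuer, validity, subject
        _, _, end = tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_chain(pem_text):
    """Return a list of ordering problems; empty means each issuer follows its subject."""
    certs = [names(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    problems = [] if certs else ["no certificates found"]
    for i in range(len(certs) - 1):
        if certs[i][0] != certs[i + 1][1]:  # simplification: exact DER match of Names
            problems.append(f"cert {i}: issuer is not the subject of cert {i + 1}")
    return problems

# --- constructed sample input: unsigned certificate skeletons, short-form lengths only ---
def der(tag, body):
    return bytes([tag, len(body)]) + body

def name(cn):
    atv = der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn.encode()))
    return der(0x30, der(0x31, atv))

def sample_cert(subject, issuer):
    tbs = der(0x30, der(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + der(0x30, b"")
              + name(issuer) + der(0x30, b"") + name(subject))
    body = base64.encodebytes(der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"
```
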