nt: Friday, May 31, 2019 9:44 PM
To: openssl-users@openssl.org
Subject: Re: OpenSSL server sending certificate chain(inc. root cert) during
handshake
> On May 31, 2019, at 3:20 PM, Jason Schultz wrote:
>
> My questions deal with #2: Why does OpenSSL include the root cert in the
> certif
> On May 31, 2019, at 3:20 PM, Jason Schultz wrote:
>
> My questions deal with #2: Why does OpenSSL include the root cert in the
> certificate chain?
The OpenSSL SSL_CTX_build_cert_chain(3) function constructs a complete
chain of trust for your certificate chain, based on the configured trust
s
ore importantly, can I force OpenSSL to not send the root cert?
Thanks,
Jason
From: Sam Roberts
Sent: Friday, May 31, 2019 7:32 PM
To: Jason Schultz
Cc: openssl-users@openssl.org
Subject: Re: OpenSSL server sending certificate chain(inc. root cert) during
hand
The root cert is not used for validation, so it doesn't have to be
sent. However, sending it does no harm, and it is useful for humans
who are attempting to diagnose problems, it allows them to see what
what root cert they are expected to have locally for sucessful cert
chain validation.
