On 6/13/2014 3:15 AM, nicolas@free.fr wrote:
> the fact is a server can only send a single certificate, however this one can
> be signed by multiple CAs
I wish. Unfortunately, it's a single certificate, signed by a single
CA. Which itself can be signed by another single CA, and so on until
Regards.
- Original Message -
From: nicolas@free.fr
To: openssl-users@openssl.org
Date: Fri, 13 Jun 2014 02:02:51 +0200 (CEST)
Subject: Re : Re: Re : Re: 2 Server certificates
> Hi,
>
> sorry for the first answer, I didn't read in detail :-/
> looki
Hi Nicolas,
pit-ca issued another certificate to a client wanting to connect to the same
server identified by secure.payerspot.com.
I'm looking for a solution allowing two clients to connect to the same
server using certificates issued by different CAs.
In this case the client forces the server
Jun 2014 16:39:23 +0200 (CEST)
Subject: Re: Re : Re: 2 Server certificates
Hi Nico,
As described in OpenSSL documentation the 2 functions are equivalent:
SSL_set_client_CA_list() sets the list of CAs sent to the client when
requesting a client certificate for the chosen ssl, overriding the set
tions can't help because the certificates are stored in
blob not in files.
Regards
- Original Message -
From: nicolas@free.fr
To: openssl-users@openssl.org
Date: Thu, 12 Jun 2014 16:22:36 +0200 (CEST)
Subject: Re : Re: 2 Server certificates
> Hi
>
> it seems tha
Hi Nico,
As described in OpenSSL documentation the 2 functions are equivalent:
SSL_set_client_CA_list() sets the list of CAs sent to the client when
requesting a client certificate for the chosen ssl, overriding the setting
valid for ssl's SSL_CTX object.
SSL_CTX_add_client_CA() adds the CA name
Hi
it seems that you could use the following functions:
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
-> sets the list of trusted CA sent to client (here Rapid SSL CA and pit-ca)
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);