> > A concatenated cert like above works today without the new code that is > upcoming in Twisted. Which is cool also. > > That is completely new to me. Are you sure you're not mixing up Twisted's > behavior with nginx? > > If what you say is true, there would have never been the need for #2061 and > the monkey patching everyone was doing before it landed. Can you point me > at a server where you have deployed TLS like that please?
https://crossbardemo.tavendo.de/ws This works for me in Chrome, FF and IE. It is Twisted Web / Autobahn. Nothing in front. Now, using openssl s_client -host crossbardemo.tavendo.de -port 443 spits out errors complaining about "self-signed" cert inside. This might be because I not only included the StartSSL intermediate CA cert, but also their top-level CA cert (which is obviously self-signed). Maybe this is wrong, and one should only include up to (but excluding) root CA cert .. /Tobias _______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
