Re: [PATCH] Re: [Exim] TLS and certificate chains

Góra strony
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
Dla: John Holman
CC: exim-users
Temat: Re: [PATCH] Re: [Exim] TLS and certificate chains
On Thu, 4 Apr 2002, John Holman wrote:

> After some investigation, I patched tls.c from exim 3.35 so that it will
> send the client any necessary intermediate certificates as well as the
> server certificate itself. The recommended approach seems to be to call
> SSL_CTX_use_certificate_chain_file(ctx, file) rather than
> SSL_CTX_use_certificate_file(ctx, file, type) when initialising the SSL
> context. You can then include any intermediate certificates (and the
> root certificate too, though that is optional) in the certificate file
> and OpenSSL will automatically send them all as part of the SSL handshake.


Thank you for researching that. I will look at your patch in connection
with Exim 4. It sounds as though this is not something that needs an
option but can just be installed for everyone. Is that right? If you
only want one certificate sent, you just put one certification in the
file. Right?

> By the way, although overview documentation for OpenSSL is somewhat
> sparse,


Indeed. I've felt very SSL-ignorant. Thanks for the pointers.

Philip

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.