On Monday 23 of May 2011, David Woodhouse wrote:
> On Mon, 2011-05-23 at 10:52 +0200, Arkadiusz Miskiewicz wrote:
> > The question is why "alert bad certificate" comes up if everything
> > looks fine, all intermediate certs are provided etc?
>
> The intermediate certs are being provided to Exim, but is Exim actually
> providing them to OpenSSL?
>
> See
> http://git.infradead.org/users/dwmw2/openconnect.git/blob/64eddc7:/ssl.c#l7
> 47 for inspiration, perhaps?
exim loads chain
if (!SSL_CTX_use_certificate_chain_file(ctx, CS expanded))
and according to openssl RT#1942 comment (mentioned in openconnect.git) "cert
with the same name" bug is fixed already (I'm using openssl 1.0.0d here).
--
Arkadiusz Miśkiewicz PLD/Linux Team
arekm / maven.pl http://ftp.pld-linux.org/
