Re: [exim-dev] [Bug 2092] Should support dual-key configurat…

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMPhil Pennock at <-
MMJeremy Harris at ->
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] [Bug 2092] Should support dual-key configuration with lists of keys/certs


> On Nov 2, 2017, at 3:39 PM, Phil Pennock <pdp@???> wrote:
>
> On 2017-11-02 at 18:00 +0000, Viktor Dukhovni wrote:
>> IIRC, the last chain file loaded was used to provide the issuer
>> certificates for all the public key types. The work-around is to
>> make sure that all the issuer certificates needed by *any* leaf
>> cert are present in *each* chain file.
>
> Presumably this is covered under the OpenSSL CHANGES file item in the
> list under "Changes between 1.0.1l and 1.0.2 [22 Jan 2015]":
> 
> } *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
> }    this fixes a limiation in previous versions of OpenSSL.
> }    [Steve Henson]

That sounds about right. Worth a test, but looks promising. 

-- 
    Viktor.



This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-Re: [exim-dev] [Bug 2092] Should support dual-key configuration with lists of keys/certs[exim-dev] [Bug 2180] DKIM oversigning->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)