Re: [exim-dev] [Bug 2092] Should support dual-key configurat…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Viktor Dukhovni
Date:  
À: exim-dev
Sujet: Re: [exim-dev] [Bug 2092] Should support dual-key configuration with lists of keys/certs


> On Nov 2, 2017, at 3:39 PM, Phil Pennock <pdp@???> wrote:
>
> On 2017-11-02 at 18:00 +0000, Viktor Dukhovni wrote:
>> IIRC, the last chain file loaded was used to provide the issuer
>> certificates for all the public key types. The work-around is to
>> make sure that all the issuer certificates needed by *any* leaf
>> cert are present in *each* chain file.
>
> Presumably this is covered under the OpenSSL CHANGES file item in the
> list under "Changes between 1.0.1l and 1.0.2 [22 Jan 2015]":
>
> } *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
> }    this fixes a limiation in previous versions of OpenSSL.
> }    [Steve Henson]


That sounds about right. Worth a test, but looks promising.

-- 
    Viktor.