On 02/11/17 18:00, Viktor Dukhovni wrote:
> On Thu, Nov 02, 2017 at 12:15:16PM +0000, admin@??? wrote:
>
>> OpenSSL:
>> The Notes section of SSL_CTX_use_certificate_chain_file(3ssl) uses the word
>> "added", implying we can call it multiple times. The description for
>> SSL_CTX_use_PrivateKey_file() also says "added".
>
> I may have mentioned this on this list before, but just in case:
>
> * Some versions of OpenSSL prior to 1.1.0 (don't recall whether
> this includes 1.0.2 or not), don't correctly handle the
> issuer certificate lists when using multiple chain files.
>
> IIRC, the last chain file loaded was used to provide the issuer
> certificates for all the public key types. The work-around is to
> make sure that all the issuer certificates needed by *any* leaf
> cert are present in *each* chain file.
>
> It would be great if you could test this with 1.0.2, and post your
> findings (likely worth documenting, if 1.0.2 still exhibits the
> anomaly).
>
With OpenSSL 1.0.2k-fips :-
Server has loaded two full-chain .pem files, each having
a leaf-cert, an intermediate, and an anchor.
One chain is pure RSA, the other is pure EC.
For no specified cipher priority list on the server :-
the certificates sent with the server-hello are the RSA chain
(which was the first set in the load sequence).
For a priority list "ECDSA:RSA:!COMPLEMENTOFDEFAULT" :-
the certificates sent with the server-hello are the EC chain.
In both test cases the client-hello listed a full set of
sig-algorithms (including both RSA and ECDSA types).
--
Cheers,
Jeremy
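An added example, not part of the thread or of OpenSSL itself: a POSIX shell script that uses the openssl command line to build one pure-RSA and one pure-EC chain file (anchor, intermediate, leaf; all subjects, key sizes and file names are constructed for the example), then applies the work-around Viktor describes and checks it. The check is the one an operator wants before relying on multiple chain files with an older OpenSSL: the leaf of every chain file must verify against the issuer certificates present in every chain file, so it no longer matters whose issuer list ends up being used for which key type. It only runs openssl verify; it does not call SSL_CTX_use_certificate_chain_file and makes no claim about which 1.0.2 releases show the anomaly.

```shell
#!/bin/sh
# Added example, not code from the thread: build an RSA and an EC chain file
# with the openssl CLI, then apply and check the work-around of carrying the
# issuer certificates needed by *any* leaf in *each* chain file.
# All subjects, key sizes and file names here are constructed for the example.
set -eu

WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT
cd "$WORKDIR"

# CA extensions for anchors and intermediates; without CA:TRUE "openssl verify"
# rejects the chain with "invalid CA certificate".
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext

# make_chain NAME KEYGEN_CMD...: anchor -> intermediate -> leaf, all of one key
# type, written to NAME_chain.pem in the leaf-first order that
# SSL_CTX_use_certificate_chain_file expects.
make_chain() {
    name=$1; shift
    for role in root int leaf; do "$@" > "${name}_${role}.key" 2>/dev/null; done
    openssl req -new -key "${name}_root.key" -subj "/CN=$name root" 2>/dev/null |
        openssl x509 -req -signkey "${name}_root.key" -extfile ca.ext -days 1 \
            -out "${name}_root.pem" 2>/dev/null
    openssl req -new -key "${name}_int.key" -subj "/CN=$name intermediate" 2>/dev/null |
        openssl x509 -req -CA "${name}_root.pem" -CAkey "${name}_root.key" -CAcreateserial \
            -extfile ca.ext -days 1 -out "${name}_int.pem" 2>/dev/null
    openssl req -new -key "${name}_leaf.key" -subj "/CN=$name leaf" 2>/dev/null |
        openssl x509 -req -CA "${name}_int.pem" -CAkey "${name}_int.key" -CAcreateserial \
            -days 1 -out "${name}_leaf.pem" 2>/dev/null
    cat "${name}_leaf.pem" "${name}_int.pem" "${name}_root.pem" > "${name}_chain.pem"
}

# leaf_verifies_with LEAF CHAINFILE: 0 if the certificates in CHAINFILE are
# enough to verify LEAF. The ": OK" line is checked rather than the exit
# status because 1.0.x "openssl verify" exits 0 even when verification fails.
leaf_verifies_with() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# all_chains_cover_all_leaves CHAINFILE...: the operator's check. The leaf
# (first certificate) of every file must verify against every file, so it no
# longer matters which chain file's issuers OpenSSL ends up using.
all_chains_cover_all_leaves() {
    for leafsrc in "$@"; do
        openssl x509 -in "$leafsrc" -out leaf_only.pem 2>/dev/null   # first cert only
        for chain in "$@"; do
            leaf_verifies_with leaf_only.pem "$chain" || return 1
        done
    done
    return 0
}

# apply_workaround: rewrite each chain file as its leaf plus the issuers of
# *both* chains, which is what the thread recommends for pre-1.1.0 servers.
apply_workaround() {
    for name in rsa ec; do
        cat "${name}_leaf.pem" rsa_int.pem rsa_root.pem ec_int.pem ec_root.pem \
            > "${name}_chain_full.pem"
    done
}

make_chain rsa openssl genrsa 2048
make_chain ec openssl ecparam -name prime256v1 -genkey -noout
apply_workaround

# Matrix for the reader: the plain files only cover their own leaf, the
# rebuilt files cover both leaves.
for leaf in rsa ec; do
    for chain in rsa_chain ec_chain rsa_chain_full ec_chain_full; do
        if leaf_verifies_with "${leaf}_leaf.pem" "$chain.pem"; then r=OK; else r=FAIL; fi
        echo "$leaf leaf with issuers from $chain.pem: $r"
    done
done
```

To run it against real deployment files, call all_chains_cover_all_leaves with every chain file the server loads; a non-zero return means at least one leaf would be left without a usable issuer list if OpenSSL used the wrong chain file's issuers.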