ssl server doesn't send complete chain?

Ingela Andin ingela.andin@REDACTED
Wed May 13 06:56:17 CEST 2020

Hi, that sounds like a feature request! A lot of the option handling is
still pretty influenced by OpenSSL, as many of the options
were once upon a time options to OpenSSL.

Regards Ingela Erlang/OTP Team  Ericsson AB

On Fri, 1 May 2020 at 17:47, Roger Lipscombe <roger@REDACTED> wrote:

> I've got a TLS server written in Erlang, and I'm using a custom root
> CA and intermediate CA. When I attempt to use the certfile option to
> ssl, with the server cert and intermediate cert in the same file, the
> server sends only the server cert to the client. It doesn't send the
> intermediate CA.
> I found a similar problem reported against VerneMQ, here:
> But if I use gnutls-serv with the same server.pem, that _does_ send
> both certificates.
> What am I missing?
> I note that the cacertfile option is documented as
> "Path to a file containing PEM-encoded CA certificates. The CA
> certificates are used to build the server certificate chain and for
> client authentication."
> However, I want to use a completely separate certificate chain for
> client authentication, which is why I'm not putting my server CA in
> this list.
> Cheers,
> Roger.