On Fri, 2002-05-17 at 16:29, Daniel Stenberg wrote:
> On 16 May 2002, Roland Zimmermann wrote:
>
> > The attached patch seems to solve the problem. It is replacing the calls to
> > SSL_CTX_use_certificate_file by SSL_CTX_use_certificate_chain_file (only
> > PEM-certificates).
> >
> > Extract of the man-page of SSL_CTX_use_certificate:
> >
> > ... it is recommended to use the SSL_CTX_use_certificate_chain_file()
> > instead of the SSL_CTX_use_certificate_file() function in order to allow
> > the use of complete certificate chains ...
>
> Hey, this sounds just great!
>
> Is there any known drawbacks with always using
> SSL_CTX_use_certificate_chain_file() ?
>
> --
> Daniel Stenberg -- curl groks URLs -- http://curl.haxx.se/
>

Probably not because it is recommended by the people from openssl.
But: Any confirmation from a real expert would be nice.

Roland
 

-- 
Roland Zimmermann              Mail:  r.zimmermann_at_gmx.ch
_______________________________________________________________
Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth_at_sourceforge.net