Michael Bussmann <deb...@mb-net.net> writes: > It seems nnrpd -S does not send intermediate certificates that are > included in tlscertfile. Instead only the first certificate is > presented.
> On first glance it might be fixed by replacing > SSL_CTX_use_certificate_file() with SSL_CTX_use_certificate_chain_file() > in nnrpd/tls.c:379 (inside set_cert_stuff). Then again, I may be > totally wrong. INN does this in a kind of old-school way and expects you to set tlscafile or tlscapath to the separate file or directory containing the trust chain. (Not saying we shouldn't change this to also support a cert chain in the cert file, but that will probably get this working for you.) -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
