2016-03-30 15:43 GMT-05:00 Mark Thomas <ma...@apache.org>: > > This implementation matches the code of setCertificateRaw(), I see no > > obvious errors (just high-level review comparing the two methods). > > Thanks. I'll look at implementing these tomorrow. > > > I wonder about "idx" argument in setCertificateRaw() - the case of > > using several certificate types in parallel (RSA, DSA, ECC -- see > > SSL_AIDX_DSA etc. in include/ssl_private.h and Javadoc for this > > method). > > > > I think that each certificate has its own chain going up to different > > root CA certificate. > > No. They have to have the same chain. That is a 'feature' of OpenSSL. > > I can confirm that since I had a look because the init code looked a bit odd. The different types for a single certificate have to share the same chain. OTOH, the feature wouldn't be *so* useful either.
Rémy
