Using certificate chains
Raphael Schlarb
r.schlarb at instar.com
Thu Mar 7 21:45:45 PST 2024
Hello, when enabling TLS via ‘setTLSState' only the first certificate from the certificate file is loaded and sent to the client.
This is often not enough as the client’s local trust store usually contains only the root CA, and if the leaf certificate is not
directly signed by a root CA then additional intermediate certificates are needed to verify the certificate chain.
In TLSState.cpp, using SSL_CTX_use_certificate_chain_file instead of SSL_CTX_use_certificate_file would allow
loading a certificate together with its intermediates.
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20240308/ddbaf24d/attachment.htm>
More information about the live-devel
mailing list