[hunchentoot-devel] Chained SSL-certificates support
Steffen Schulz
pepe_ml at gmx.net
Wed Sep 1 15:25:40 UTC 2010
Hi,
I had a similar problem some time ago but no time to investigate.
I think the chain cert must be provided at a separate place in the SSL
handshake. There's a special openssl function and it seems to be
exported in cl+ssl:
| CL+SSL:USE-CERTIFICATE-CHAIN-FILE (certificate-chain-file)
|
| Loads a PEM encoded certificate chain file certificate-chain-file and
| adds the chain to global context. The certificates must be sorted
| starting with the subject's certificate (actual client or server
| certificate), followed by intermediate CA certificates if applicable,
| and ending at the highest level (root) CA.
So its probably not very hard. There was also a patch available
somewhere online but it didn't work for me back then.
HTH,
Steffen
More information about the Tbnl-devel
mailing list