
List:       openssl-dev
Subject:    Re: [openssl-dev] Loading of different Server CA certificates
From:       "Dave Thompson" <dthompson () prinpay ! com>
Date:       2015-01-28 7:49:34
Message-ID: 005701d03ace$f7d94630$e78bd290$ () prinpay ! com

> From: openssl-dev On Behalf Of Satish.KumarYarru@cognizant.com
> Sent: Wednesday, January 28, 2015 00:08

This is a basic user question, not dev.

> I want to connect with different SSL servers. So I need to load different
> Server CA certs into SSL Context.

If the servers are (or may be) using different CAs, yes.

> Is it possible to load different server CA certs of different SSL servers
> in a single SSL Context?
> If yes, when I am connecting with SSL server, SSL client can traverse all
> the CA certificates in the SSL context, and can find the CA certificate
> that is fit for the Server URL?

Yes. There are actually two mechanisms. For CAfile, all the certs are loaded
into memory, and the lookup just searches them. For CApath, the certs are left
on disk, with filenames using hashes of the canonical subject names; lookup
takes the hash of the needed CA, and reads the file(s) if any for that hash to
find it. See the manpage on your system or at
https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html .
Also https://www.openssl.org/docs/apps/verify.html for some more details.
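
The two lookup mechanisms described in the reply above, reproduced with the openssl command-line tool (an added example, not part of the original message). The CA names, server names and file names are constructed throwaway values; the script loads two demo CAs into one CAfile bundle and one hashed CApath directory and checks that a server certificate from either CA verifies against the same store.

```shell
#!/bin/sh
# Added example. Constructed throwaway PKI: "Demo CA A" and "Demo CA B" each
# issue one server certificate. Every name here is made up for the demo.

make_demo_pki() {   # $1 = empty working directory
    ( cd "$1" || exit 1
      # Minimal config so the self-signed roots carry basicConstraints CA:TRUE.
      printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
          '[dn]' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > demo.cnf
      for n in A B; do
          openssl req -x509 -config demo.cnf -newkey rsa:2048 -nodes -days 2 \
              -subj "/CN=Demo CA $n" -keyout "ca$n.key" -out "ca$n.pem" || exit 1
          openssl req -new -config demo.cnf -newkey rsa:2048 -nodes \
              -subj "/CN=server$n.example" -keyout "srv$n.key" -out "srv$n.csr" || exit 1
          openssl x509 -req -in "srv$n.csr" -CA "ca$n.pem" -CAkey "ca$n.key" \
              -set_serial 1 -days 2 -out "srv$n.pem" || exit 1
      done
      # CAfile style: one PEM file holding every trusted CA certificate.
      cat caA.pem caB.pem > bundle.pem
      # CApath style: one file per CA, named <subject hash>.0, so the verifier
      # can go from an issuer name straight to the file to read.
      mkdir capath
      for n in A B; do
          h=$(openssl x509 -in "ca$n.pem" -noout -subject_hash) || exit 1
          cp "ca$n.pem" "capath/$h.0"
      done
    ) >/dev/null 2>&1
}

# True when `openssl verify` prints "<file>: OK"; the printed result is
# checked rather than relying on the exit status alone.
verifies() { openssl verify "$@" 2>/dev/null | grep -q ': OK$'; }

d=$(mktemp -d) && make_demo_pki "$d" || exit 1
for srv in srvA srvB; do
    verifies -CAfile "$d/bundle.pem" "$d/$srv.pem" && echo "CAfile bundle: $srv OK"
    verifies -CApath "$d/capath"     "$d/$srv.pem" && echo "CApath dir:    $srv OK"
done
verifies -CAfile "$d/caA.pem" "$d/srvB.pem" || echo "CA A alone:    srvB rejected"
# The file CApath lookup opens for srvB is named after srvB's issuer hash.
echo "srvB issuer file: $(openssl x509 -in "$d/srvB.pem" -noout -issuer_hash).0"
```

A certificate whose issuing CA is not in the store fails verification, which is why every server's CA has to be loaded into the shared context.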


