[9fans] certificates and tlssrv

Brantley Coile

Mar 30, 2004, 6:52:52 PM
I'm running a custom https server and I'm using
tlssrv to set up the session. How do I specify
all the certificates to show the client that I'm
in a known chain of certificates? I have
three certificates that chain all the way back
to someone all the browsers trust, but it appears
that tlssrv is only telling them about the first one.

Brantley

David Presotto

Mar 30, 2004, 8:45:00 PM
We don't follow chains, we just believe any x.509 fingerprints we
have.

Is that what you are asking?

Geoff Collyer

Mar 30, 2004, 8:49:52 PM
I think he wants to have tlssrv present multiple certificates to
clients, so that they can follow the chain back to the root.

Brantley Coile

Mar 31, 2004, 8:22:53 AM
> I think he wants to have tlssrv present multiple certificates to
> clients, so that they can follow the chain back to the root.

I should know better than to compose a 9fans request at 8pm!

Geoff is correct. I want web browsers not to complain about the
certificate I give them. I have a chain we bought from somewhere.
Under OpenSSL (don't get me started : ) I put them all into a single
file that was loaded. The readcert(2) seems to stop after reading a
single cert. Should I hack it to catenate them together and set the
TLSconn->cert to that whole thing?

Thanks
Brantley
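
For reference on what "presenting multiple certificates" means on the wire, here is an added example (portable C written for this page, not Plan 9 libsec code and not from any poster) of the certificate_list framing in the TLS 1.0 Certificate message (RFC 2246, section 7.4.2): each DER certificate carries its own 3-byte length, the whole list carries another, and the sender's certificate comes first. All names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

typedef struct { const unsigned char *der; size_t len; } Cert;

/* Constructed stand-in bytes, NOT real DER: three certificates of one chain. */
static const unsigned char leaf[]  = {0x30, 0x02, 0xAA, 0xAA};
static const unsigned char inter[] = {0x30, 0x01, 0xBB};
static const unsigned char top[]   = {0x30, 0x00};
const Cert demo_certs[3] = {{leaf, sizeof leaf}, {inter, sizeof inter}, {top, sizeof top}};
unsigned char demo_buf[64];

static void put24(unsigned char *p, size_t n)
{
    p[0] = (unsigned char)(n >> 16); p[1] = (unsigned char)(n >> 8); p[2] = (unsigned char)n;
}
static size_t get24(const unsigned char *p)
{
    return (size_t)p[0] << 16 | (size_t)p[1] << 8 | (size_t)p[2];
}

/* Encode certs (sender's own first) as a certificate_list; 0 means error. */
size_t encode_cert_list(const Cert *c, size_t n, unsigned char *out, size_t outlen)
{
    size_t i, off = 3;
    if (outlen < 3) return 0;
    for (i = 0; i < n; i++) {
        if (c[i].len == 0 || c[i].len > 0xFFFFFF || outlen - off < 3 + c[i].len)
            return 0;
        put24(out + off, c[i].len);              /* per-certificate length */
        memcpy(out + off + 3, c[i].der, c[i].len);
        off += 3 + c[i].len;
    }
    if (off - 3 > 0xFFFFFF) return 0;
    put24(out, off - 3);                         /* length of the whole list */
    return off;
}

/* Walk an encoded list as a receiver would; -1 means malformed. */
int count_cert_list(const unsigned char *p, size_t len)
{
    size_t off = 3, clen;
    int n = 0;
    if (len < 3 || get24(p) != len - 3) return -1;
    while (off < len) {
        if (len - off < 3) return -1;
        clen = get24(p + off); off += 3;
        if (clen == 0 || clen > len - off) return -1;
        off += clen; n++;
    }
    return n;
}

size_t demo_encode(void) { return encode_cert_list(demo_certs, 3, demo_buf, sizeof demo_buf); }
```

A receiver walking this structure needs the per-certificate length prefixes to find where one certificate ends and the next begins, which is why count_cert_list rejects a buffer that lacks them.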

boyd, rounin

Apr 1, 2004, 9:56:21 AM
> We don't follow chains, we just believe any x.509 fingerprints we
> have.

good call. the PKI is a disaster and a monopoly.