[PATCH] RSA+DSA+ECC bundles
rob.stradling at comodo.com
Thu Oct 31 20:58:31 UTC 2013
On 24/10/13 01:26, Maxim Dounin wrote:
> As for multiple certs per se, I don't think it should be limited
> to recent OpenSSL versions only. As far as I can tell, current
> versions of OpenSSL will work just fine (well, mostly) as long as
> both ECDSA and RSA certs use the same certificate chain. I
> believe at least some CAs issue ECDSA certs this way, and this
> should work.
> Limiting support for multiple certs with separate certificate
> chains to only recent OpenSSL versions seems reasonable for me,
> but if Rob wants to try to make it work with older versions - I
> don't really object. If it won't be too hacky it might worth
Updated patch attached. This implements multiple certs and makes OCSP
Stapling work correctly with them. It works with all of the active
OpenSSL branches (including 0_9_8).
I'm afraid it's a much larger patch than I anticipated it would be when
I started working on it!
Maxim, does this patch look commit-able?
Senior Research & Development Scientist
COMODO - Creating Trust Online
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 56104 bytes
Desc: not available
More information about the nginx-devel