具体的还是要看官网上的解释了:
NOTES The internal certificate store of OpenSSL can hold two private key/certificate pairs at a time(同时): one key/certificate of type RSA and one key/certificate of type DSA. The certificate used depends on the cipher select, see also <A HREF="../ssl/SSL_CTX_set_cipher_list.html#">
SSL_CTX_set_cipher_list(3)</A>.(居然出现这种错误)
When reading certificates and private keys from file, files of type SSL_FILETYPE_ASN1 (also known as DER, binary encoding) can only contain one certificate or private key(这样就比较受限制了), consequently SSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting. Files of type SSL_FILETYPE_PEM can contain more than one item.
SSL_CTX_use_certificate_chain_file() adds the first certificate found in the file to the certificate store. The other certificates are added to the store of chain certificates using SSL_CTX_add_extra_chain_cert(3). There exists only one extra chain store, so that the same chain is appended to both types of certificates, RSA and DSA! If it is not intended to use both type of certificate at the same time, it is recommended to use the SSL_CTX_use_certificate_chain_file() instead of the SSL_CTX_use_certificate_file() function in order to allow the use of complete certificate chains even when no trusted CA storage is used or when the CA issuing the certificate shall not be added to the trusted CA storage.
If additional certificates are needed to complete the chain during the TLS negotiation, CA certificates are additionally looked up in the locations of trusted CA certificates, see SSL_CTX_load_verify_locations(3).
The private keys loaded from file can be encrypted(这个是加密). In order to successfully load encrypted keys, a function returning the passphrase must have been supplied, see SSL_CTX_set_default_passwd_cb(3). (Certificate files might be encrypted as well from the technical point of view, it however does not make sense as the data in the certificate is considered public anyway.)
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
