[guest - Fri Nov 17 05:24:37 2006]:

> If a CA uses intermediary certs that are not distributed in all
> truststores such as quovadis with mozilla's trust store. Servers do not
> only transmit leaf certificates, but also intermediary ones.
>
> http://httpd.apache.org/docs/2.1/mod...icatechainfile
>
> So, with
> openssl s_client -connect smtp.privasphere.com:25 -debug -starttls smtp
>
> I do see that more than cert is sent:
> Certificate chain
> 0 s:/C=CH/ST=ZH/L=Zuerich/O=PrivaSphere AG/OU=Secure
> Messaging/CN=smtp.privasphere.com
> i:/C=CH/O=QuoVadis Trustlink Schweiz AG/OU=Issuing Certificate
> Authority/CN=QV Schweiz ICA
> 1 s:/C=CH/O=QuoVadis Trustlink Schweiz AG/OU=Issuing Certificate
> Authority/CN=QV Schweiz ICA
> i:/C=BM/O=QuoVadis Limited/OU=Root Certification
> Authority/CN=QuoVadis Root Certification Authority
>
> but even with the debug option, only the leaf certificate is shown while
> I would like also see the others in the chain


The documented -showcerts option does that.

Steve.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org