On Tue, 2014-09-09 at 15:28 +0200, Reindl Harald wrote:
Am 09.09.2014 um 08:26 schrieb Adam Williamson:
certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case
sure?
Well, I mean, that's what's written down in the RFC, you can go read it for yourself. I'm not setting myself up as the world's leading authority on TLS, I need at least another fifteen minutes of googling before I do that. ;)