These are chat archives for IndySockets/Indy

10th
Aug 2018
davidwed
@davidwed
Aug 10 2018 06:53

Hi, I use the idFTPServer as FTPs server. Everything works with self-signed certificates.
IdServerIOHandlerSSLOpenSSL->SSLOptions->KeyFile / IdServerIOHandlerSSLOpenSSL->SSLOptions->CertFile / IdServerIOHandlerSSLOpenSSL->SSLOptions->RootCertFile are set.

Where can I specify a certificate version chain?

Excuse me, I mean a certification chain.
mezen
@mezen
Aug 10 2018 07:45
If I remember correctly, you have to use a file with your complete chain as IdServerIOHandlerSSLOpenSSL->SSLOptions->CertFile
davidwed
@davidwed
Aug 10 2018 07:58
All right,
and what is IdServerIOHandlerSSLOpenSSL->SSLOptions->RootCertFile good for?
Remy Lebeau
@rlebeau
Aug 10 2018 18:28
@davidwed SSLOptions->RootCertFile refers to a single file in PEM format containing 1 or more trusted CA certificates. There is also an SSLOptions->VerifyDirs property that refers to a folder containing trusted CA certificates in individual PEM files. See OpenSSL's documentation for the SSL_CTX_load_verify_locations() function for more details: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_load_verify_locations.html