When you specify the certificates using espconn_secure_ca_enable, you get to specify the CA certificates to use for checking.
It would be *really* nice if these certificates could be the *same* as one returned in the certificate chain from the server.
I.e. if the server (www.example.com) returns:
1: www.example.com signed by SuperDuper CA Intermediate
2: SuperDuper CA Intermediate signed by SuperDuper CA Primary
then I could provide *either* the SuperDuper CA Primary certificate, *or* the SuperDuper CA Intermediate certificate. This would provide more resilience in the case that the server operator changes the certificate chain returned.....
Thanks
PhilipStatistics: Posted by philip — Thu Mar 03, 2016 12:18 pm
]]>