Topic: [SOLVED] server-example uses client certificate as CA
I've seen that the server example (/examples/server/server.c) uses the client certificate instead of the CA certificate as the default CA certificate. This applies to both, ECC and non-ECC:
char* verifyCert = (char*)cliCert; char* ourCert = (char*)svrCert; char* ourKey = (char*)svrKey;
#ifdef NO_RSA verifyCert = (char*)cliEccCert; ourCert = (char*)eccCert; ourKey = (char*)eccKey; #endif
Shouldn't it be
char* verifyCert = (char*)caCert;
in the first and
char* verifyCert = (char*)eccCert;
in the second case?
As an addition:
I think it's confusing that the server and CA certificate are the same in case of ECC (eccCert, expanding to "./certs/server-ecc.pem"), whereas an individual server certificate (svrCert, expanding to "./certs/server-cert.pem") and CA certificate (caCert, expanding to "./certs/ca-cert.pem") exist for the non-ECC case.
Imho it would be more intuitive if there would be two individual certificates (e.g. ./certs/server-ecc-cert.pem for the server with CA:FALSE basic constraint and ./certs/ca-ecc-cert.pem for the CA with CA:TRUE basic constraint) in the case of ECC.