Is your feature request related to a problem? Please describe.
Certificates that work with built-in trust of most browsers are often not issued by the built-in CAs, but often by a CA certificate which has been certified by the built-in CA. If the HTTPS server doesn't provide the intermediate CA certificate during the handshake, the client cannot verify if the server's certificate is valid, as it doesn't know whether the signing key for that device belongs to a valid CA. To solve this, the server may provide the whole certificate chain up to a certificate which is signed by an identity which is assumed to be known by the client. The library should also support this.
Describe the solution you'd like
SSLCert should have an option to specify additional certificates in a certificate chain, which then are provided by the server during handshake.
Describe alternatives you've considered
Not using intermediate CAs might not be feasible in every case (e.g. Let's Encrypt), and having to deploy them on each client is not practicable and makes the CA as such superfluous.
Is your feature request related to a problem? Please describe.
Certificates that work with built-in trust of most browsers are often not issued by the built-in CAs, but often by a CA certificate which has been certified by the built-in CA. If the HTTPS server doesn't provide the intermediate CA certificate during the handshake, the client cannot verify if the server's certificate is valid, as it doesn't know whether the signing key for that device belongs to a valid CA. To solve this, the server may provide the whole certificate chain up to a certificate which is signed by an identity which is assumed to be known by the client. The library should also support this.
Describe the solution you'd like
SSLCert should have an option to specify additional certificates in a certificate chain, which then are provided by the server during handshake.
Describe alternatives you've considered
Not using intermediate CAs might not be feasible in every case (e.g. Let's Encrypt), and having to deploy them on each client is not practicable and makes the CA as such superfluous.
Additional context
May be the solution to #88