When SSL is enabled for the server and the certificate buffer in the SSL configuration contains a chain of certificates, the server is only configured with the last certificate in the chain, rather than the whole chain. This is because the server calls SslContext::set_certificate(), which only sets one certificate even if it receives a whole chain. This leads to failures when connecting to a Rustls client, since Rustls expects the server to present a chain of certificates starting from the root CA. For example, I tested with these certs. The Rustls client used ca.cert, while the tiny-http server used end.fullchain and end.key, and I got a TLS error on the client.
When SSL is enabled for the server and the certificate buffer in the SSL configuration contains a chain of certificates, the server is only configured with the last certificate in the chain, rather than the whole chain. This is because the server calls
SslContext::set_certificate(), which only sets one certificate even if it receives a whole chain. This leads to failures when connecting to a Rustls client, since Rustls expects the server to present a chain of certificates starting from the root CA. For example, I tested with these certs. The Rustls client usedca.cert, while thetiny-httpserver usedend.fullchainandend.key, and I got a TLS error on the client.