support downloading alternate chains
the current default chains end with an expired root certificate for
maximum compatibility with old Android versions. this breaks some other
older clients (openssl, gnutls) which don't expect chains to contain any
expired certificates, even if they are 'above' the trust anchor.
by setting $root, it is possible to specify which root the ACME provided
certificate chain should end with, downloading alternate chains as
necessary.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Reviewed-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>
projects / proxmox-acme.git / commit