13 Feb
2017
13 Feb
'17
7:16 p.m.
FWIW, tls_g already has the behaviour that (I think) this ticket asks for: if you set TLSCertificateFile to a file containing concatenated server and intermediate certs, it sends the chain of both.
I found that useful in a setup very similar to what Andreas and Michael describe: slapd with a server certificate issued by an external/public CA, but trusting only a specific internal CA to authenticate clients.
The comparison to mod_ssl is apt. Note that in recent versions httpd also supports loading the entire chain from SSLCertificateFile.