Full_Name: Andreas Schulze Version: RE24 testing call (2.4.45) OS: Linux URL: ftp://ftp.openldap.org/incoming/andreas-schulze-20170211.patch Submission from: (NULL) (2001:a60:f0b4:e502:80b6:610b:8fc2:abfe)

as discussed on the technical ML it's uncommon to put chain certificates in TLSCACertificateFile or TLSCACertificatePath. In case of a intermediate CA like "Let's Encrypt Authority X3" it may be wrong becaus the user is forced to /TRUST/ that intermediate for a unrelated purpose.

from https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_use_certificate.html#NOTES:

SSL_CTX_use_certificate_chain_file() should be used instead of the SSL_CTX_use_certificate_file() function in order to allow the use of complete certificate chains even when no trusted CA storage is used or when the CA issuing the certificate shall not be added to the trusted CA storage.

The patch andreas-schulze-20170211.patch only apply for openssl.