re-examination about `SSLContext#add_certificate_chain_file`

[thekuwayama]

SSLContext#add_certificate_chain_file() is able to load a chain certificates file. I want to re-examine this API.

As commented, the old setters(SSLContext#cert=, key=, extra_chain_cert=) are deprecated.
If add_certificate_chain_file is used, it is needed to call key= to load the private key associated with certificates.
That is, as provided add_certificate_chain_file and then it would be required key=.

The API that parses a chain certificates file is so nice and I think that is needed. So, I suggest 2 plans.

1. modify add_certificate_chain_file to accept the path to the private key. Also, it is needed to rename too.
2. provide Certificate.load_file and deprecate add_certificate_chain_file.

[ioquatix]

I agree.

Was add_certificate_chain_file actually released in any version?

[thekuwayama]

add_certificate_chain_file has not released yet. It is scheduled that is released in 2.2.0 version.

openssl/History.md

Line 33 in 62287be

* Add `OpenSSL::SSL::SSLContext#add_certificate_chain_file` for

[ioquatix]

So we could consider remove it before it’s released if we can implement the alternatives in time... do you have time to make PR?

[thekuwayama]

So sorry... I could not make the PR by the next release.

[ioquatix]

Don't be sorry, I'll see if I can take a stab. @hsbt if we decide to change this, what is the latest time we can merge this into Ruby 2.7?

[thekuwayama]

@ioquatix I sent PR(plan 1).

1. modify add_certificate_chain_file to accept the path to the private key. Also, it is needed to rename too.

You may review this later, I think. #257 (comment)