There is a configuration field tls_certificate which can be configured to point to a PEM file, which does appear to in fact accept certificate chains, but it appears the entire chain but the certificate itself is discarded. The result of this is validation of a certificate not signed directly by a CA will always fail.
The code in build_acceptor seems to likely be where the additional certs are being discarded, and could probably be adapted with no additional changes to make TLS work correctly.
I am not aware of any way to work around this or anything I may have misconfigured.
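The check below is an added example, not code from the project or from this report: it reads a PEM bundle like the one `tls_certificate` points to and reports how many certificates a loader that keeps only the first one would drop. The function names are hypothetical, the sample certificates are constructed, unsigned stand-ins with simplified names, and the ordering check compares issuer and subject bytes only (no signature verification).

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def split_pem(text):
    """Return the DER bytes of every CERTIFICATE block, in file order."""
    return [base64.b64decode(m) for m in PEM_RE.findall(text)]

def tlv(buf, off):
    """Decode one DER TLV at off; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def issuer_subject(der):
    """Raw issuer and subject Name encodings of one DER certificate."""
    _, off, _ = tlv(der, 0)                 # enter Certificate
    _, off, _ = tlv(der, off)               # enter TBSCertificate
    fields = []                             # serial, sigalg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = tlv(der, off)
        if tag != 0xA0:                     # skip the optional [0] version
            fields.append(der[off:end])
        off = end
    return fields[2], fields[4]

def chain_report(pem_text):
    """Summarise what is lost if only the first certificate is served."""
    names = [issuer_subject(d) for d in split_pem(pem_text)]
    return {"certs_in_file": len(names),
            "dropped_if_first_only": len(names) - 1,
            # each certificate's issuer must be the next one's subject
            "chain_ordered": all(a[0] == b[1] for a, b in zip(names, names[1:])),
            "leaf_self_issued": names[0][0] == names[0][1]}

# Constructed sample data: certificate-shaped DER, not real signed certificates.
def der_tlv(tag, body):
    return bytes([tag, len(body)]) + body   # short-form length, body < 128 bytes

def fake_cert(issuer, subject):
    name = lambda s: der_tlv(0x30, der_tlv(0x0C, s.encode()))
    tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02")) + der_tlv(0x02, b"\x01")
                  + der_tlv(0x30, b"") + name(issuer) + der_tlv(0x30, b"") + name(subject))
    body = base64.b64encode(der_tlv(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

SAMPLE = fake_cert("Intermediate CA", "leaf.example") + fake_cert("Root CA", "Intermediate CA")
```

A result with `dropped_if_first_only` above zero and `leaf_self_issued` false describes the failing case in this report: the peer receives a leaf whose issuer it was never sent.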