diff -urN openvpn-2.0.2/options.c openvpn-2.0.2-ca/options.c
--- openvpn-2.0.2/options.c	Thu Aug  4 01:16:28 2005
+++ openvpn-2.0.2-ca/options.c	Mon Sep 19 21:05:22 2005
@@ -401,7 +401,7 @@
   "                  by a Certificate Authority in --ca file.\n"
   "--key file      : Local private key in .pem format.\n"
   "--pkcs12 file   : PKCS#12 file containing local private key, local certificate\n"
-  "                  and root CA certificate.\n"
+  "                  and optionally the root CA certificate.\n"
 #ifdef WIN32
   "--cryptoapicert select-string : Load the certificate and private key from the\n"
   "                  Windows Certificate System Store.\n"
@@ -1582,8 +1582,6 @@
 #endif
       if (options->pkcs12_file)
         {
-          if (options->ca_file)
-	    msg(M_USAGE, "Parameter --ca cannot be used when --pkcs12 is also specified.");
           if (options->cert_file)
 	    msg(M_USAGE, "Parameter --cert cannot be used when --pkcs12 is also specified.");
           if (options->priv_key_file)
diff -urN openvpn-2.0.2/ssl.c openvpn-2.0.2-ca/ssl.c
--- openvpn-2.0.2/ssl.c	Thu Aug  4 12:50:08 2005
+++ openvpn-2.0.2-ca/ssl.c	Mon Sep 19 21:00:26 2005
@@ -832,14 +832,17 @@
         msg (M_SSLERR, "Private key does not match the certificate");
 
       /* Set Certificate Verification chain */
-      if (ca && sk_num(ca))
+      if (!options->ca_file)
         {
-          for (i = 0; i < sk_X509_num(ca); i++)
+          if (ca && sk_num(ca))
             {
-	      if (!X509_STORE_add_cert(ctx->cert_store,sk_X509_value(ca, i)))
-                 msg (M_SSLERR, "Cannot add certificate to certificate chain (X509_STORE_add_cert)");
-              if (!SSL_CTX_add_client_CA(ctx, sk_X509_value(ca, i)))
-                msg (M_SSLERR, "Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");
+              for (i = 0; i < sk_X509_num(ca); i++)
+                {
+	          if (!X509_STORE_add_cert(ctx->cert_store,sk_X509_value(ca, i)))
+                    msg (M_SSLERR, "Cannot add certificate to certificate chain (X509_STORE_add_cert)");
+                  if (!SSL_CTX_add_client_CA(ctx, sk_X509_value(ca, i)))
+                    msg (M_SSLERR, "Cannot add certificate to client CA list (SSL_CTX_add_client_CA)");
+                }
             }
         }
     }
@@ -885,7 +888,10 @@
 		msg (M_SSLERR, "Private key does not match the certificate");
 	    }
 	}
+    }
 
+  if (options->ca_file)
+    {
       /* Load CA file for verifying peer supplied certificate */
       ASSERT (options->ca_file);
       if (!SSL_CTX_load_verify_locations (ctx, options->ca_file, NULL))
@@ -899,9 +905,8 @@
           msg (M_SSLERR, "Cannot load CA certificate file %s (SSL_load_client_CA_file)", options->ca_file);
         SSL_CTX_set_client_CA_list (ctx, cert_names);
       }
-
     }
-  
+
   /* Enable the use of certificate chains */
   if (using_cert_file)
     {