* crypto.c: allow use of chained certificates

[citadel.git] / webcit / crypto.c

diff --git a/webcit/crypto.c b/webcit/crypto.c
index 07c4d405e50f85262b765a1670519e8ebc5d7e3b..5e690e4e745cae0eb0d31618a6b779e7410d1fa4 100644 (file)
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -1,8 +1,11 @@
-/* $Id$ */
+/*
+ * $Id$
+ *
+ * Provides HTTPS, when the OpenSSL library is available.
+ */
 
 #ifdef HAVE_OPENSSL
 
-
 #include <stdlib.h>
 #include <unistd.h>
 #include <string.h>
@@ -329,8 +332,10 @@ void init_ssl(void)
 
        /*
         * Now try to bind to the key and certificate.
+        * Note that we use SSL_CTX_use_certificate_chain_file() which allows
+        * the certificate file to contain intermediate certificates.
         */
-       SSL_CTX_use_certificate_file(ssl_ctx, CTDL_CER_PATH, SSL_FILETYPE_PEM);
+       SSL_CTX_use_certificate_chain_file(ssl_ctx, CTDL_CER_PATH);
        SSL_CTX_use_PrivateKey_file(ssl_ctx, CTDL_KEY_PATH, SSL_FILETYPE_PEM);
        if ( !SSL_CTX_check_private_key(ssl_ctx) ) {
                lprintf(3, "Cannot install certificate: %s\n",