From: Art Cancro Date: Sat, 5 Mar 2005 22:31:02 +0000 (+0000) Subject: * Allow the use of chained certificates for crypto X-Git-Tag: v7.86~4988 X-Git-Url: https://code.citadel.org/?a=commitdiff_plain;h=5c455ca485808510ef9288872dd9b71d9bbcf2bb;p=citadel.git * Allow the use of chained certificates for crypto --- diff --git a/citadel/ChangeLog b/citadel/ChangeLog index 501a21dcc..a4af26852 100644 --- a/citadel/ChangeLog +++ b/citadel/ChangeLog @@ -1,4 +1,7 @@ $Log$ + Revision 641.22 2005/03/05 22:31:01 ajc + * Allow the use of chained certificates for crypto + Revision 641.21 2005/03/04 20:04:00 ajc * IMAP FETCH RFC822.SIZE now honors the cached rfc822 size in each message's metadata, using it if present and storing it for next time @@ -6517,3 +6520,4 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant Fri Jul 10 1998 Art Cancro * Initial CVS import + diff --git a/citadel/docs/citadel.html b/citadel/docs/citadel.html index 203ec878a..f556e9716 100644 --- a/citadel/docs/citadel.html +++ b/citadel/docs/citadel.html @@ -2311,6 +2311,10 @@ Authority when you order the certificate.
  • When the certificate is received, simply save it as citadel.cer and restart the Citadel server.
    • +
  • If your certificate authority delivers a 'chained' certificate (one +with intermediate certificate authorities), simply append the intermediate +certificate after your server's own certificate in the citadel.cer +file.

    • diff --git a/citadel/serv_crypto.c b/citadel/serv_crypto.c index a730f5531..bac21b2b0 100644 --- a/citadel/serv_crypto.c +++ b/citadel/serv_crypto.c @@ -334,7 +334,7 @@ void init_ssl(void) /* * Now try to bind to the key and certificate. */ - SSL_CTX_use_certificate_file(ssl_ctx, CTDL_CER_PATH, SSL_FILETYPE_PEM); + SSL_CTX_use_certificate_chain_file(ssl_ctx, CTDL_CER_PATH); SSL_CTX_use_PrivateKey_file(ssl_ctx, CTDL_KEY_PATH, SSL_FILETYPE_PEM); if ( !SSL_CTX_check_private_key(ssl_ctx) ) { lprintf(CTDL_CRIT, "Cannot install certificate: %s\n",