* crypto.c: allow use of chained certificates

[citadel.git] / webcit / crypto.c

diff --git a/webcit/crypto.c b/webcit/crypto.c
index 27e6893d07412c5aaed5115a9fc334284822c7eb..5e690e4e745cae0eb0d31618a6b779e7410d1fa4 100644 (file)
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -332,8 +332,10 @@ void init_ssl(void)
 
        /*
         * Now try to bind to the key and certificate.
+        * Note that we use SSL_CTX_use_certificate_chain_file() which allows
+        * the certificate file to contain intermediate certificates.
         */
-       SSL_CTX_use_certificate_file(ssl_ctx, CTDL_CER_PATH, SSL_FILETYPE_PEM);
+       SSL_CTX_use_certificate_chain_file(ssl_ctx, CTDL_CER_PATH);
        SSL_CTX_use_PrivateKey_file(ssl_ctx, CTDL_KEY_PATH, SSL_FILETYPE_PEM);
        if ( !SSL_CTX_check_private_key(ssl_ctx) ) {
                lprintf(3, "Cannot install certificate: %s\n",