* crypto.c: allow use of chained certificates

author Art Cancro <ajc@citadel.org>

Sat, 5 Mar 2005 22:26:26 +0000 (22:26 +0000)

committer Art Cancro <ajc@citadel.org>

Sat, 5 Mar 2005 22:26:26 +0000 (22:26 +0000)
author Art Cancro <ajc@citadel.org>
Sat, 5 Mar 2005 22:26:26 +0000 (22:26 +0000)
committer Art Cancro <ajc@citadel.org>
Sat, 5 Mar 2005 22:26:26 +0000 (22:26 +0000)
diff --git a/webcit/ChangeLog b/webcit/ChangeLog

index 97c5edf7fec112ffe18bfcaabe2e35950ef48004..95efa2abb5d8bd33470d69bc5afe36792030e1f2 100644 (file)
--- a/webcit/ChangeLog
+++ b/webcit/ChangeLog
@@ -1,4 +1,7 @@
  $Log$
+Revision 603.7  2005/03/05 22:26:26  ajc
+* crypto.c: allow use of chained certificates
+
  Revision 603.6  2005/03/05 05:04:34  ajc
  * minor html changes
  
@@ -2457,4 +2460,3 @@ Sun Dec  6 19:50:55 EST 1998 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
  
  1998-12-03 Nathan Bryant <bryant@cs.usm.maine.edu>
         * webserver.c: warning fix
-
diff --git a/webcit/crypto.c b/webcit/crypto.c

index 27e6893d07412c5aaed5115a9fc334284822c7eb..5e690e4e745cae0eb0d31618a6b779e7410d1fa4 100644 (file)
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -332,8 +332,10 @@ void init_ssl(void)
  
         /*
          * Now try to bind to the key and certificate.
+        * Note that we use SSL_CTX_use_certificate_chain_file() which allows
+        * the certificate file to contain intermediate certificates.
          */
-       SSL_CTX_use_certificate_file(ssl_ctx, CTDL_CER_PATH, SSL_FILETYPE_PEM);
+       SSL_CTX_use_certificate_chain_file(ssl_ctx, CTDL_CER_PATH);
         SSL_CTX_use_PrivateKey_file(ssl_ctx, CTDL_KEY_PATH, SSL_FILETYPE_PEM);
         if ( !SSL_CTX_check_private_key(ssl_ctx) ) {
                 lprintf(3, "Cannot install certificate: %s\n",
author	Art Cancro <ajc@citadel.org>
	Sat, 5 Mar 2005 22:26:26 +0000 (22:26 +0000)
committer	Art Cancro <ajc@citadel.org>
	Sat, 5 Mar 2005 22:26:26 +0000 (22:26 +0000)
webcit/ChangeLog		patch \| blob \| history
webcit/crypto.c		patch \| blob \| history