From: Art Cancro <ajc@citadel.org>
Date: Sat, 5 Mar 2005 22:26:26 +0000 (+0000)
Subject: * crypto.c: allow use of chained certificates
X-Git-Tag: v7.86~4989
X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=02b6dfb4a25532e0a644cb0a79a44f0149bbd545

* crypto.c: allow use of chained certificates
---

diff --git a/webcit/ChangeLog b/webcit/ChangeLog
index 97c5edf7f..95efa2abb 100644
--- a/webcit/ChangeLog
+++ b/webcit/ChangeLog
@@ -1,4 +1,7 @@
 $Log$
+Revision 603.7  2005/03/05 22:26:26  ajc
+* crypto.c: allow use of chained certificates
+
 Revision 603.6  2005/03/05 05:04:34  ajc
 * minor html changes
 
@@ -2457,4 +2460,3 @@ Sun Dec  6 19:50:55 EST 1998 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
 
 1998-12-03 Nathan Bryant <bryant@cs.usm.maine.edu>
 	* webserver.c: warning fix
-
diff --git a/webcit/crypto.c b/webcit/crypto.c
index 27e6893d0..5e690e4e7 100644
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -332,8 +332,10 @@ void init_ssl(void)
 
 	/*
 	 * Now try to bind to the key and certificate.
+	 * Note that we use SSL_CTX_use_certificate_chain_file() which allows
+	 * the certificate file to contain intermediate certificates.
 	 */
-	SSL_CTX_use_certificate_file(ssl_ctx, CTDL_CER_PATH, SSL_FILETYPE_PEM);
+	SSL_CTX_use_certificate_chain_file(ssl_ctx, CTDL_CER_PATH);
 	SSL_CTX_use_PrivateKey_file(ssl_ctx, CTDL_KEY_PATH, SSL_FILETYPE_PEM);
 	if ( !SSL_CTX_check_private_key(ssl_ctx) ) {
 		lprintf(3, "Cannot install certificate: %s\n",