From 02b6dfb4a25532e0a644cb0a79a44f0149bbd545 Mon Sep 17 00:00:00 2001
From: Art Cancro <ajc@citadel.org>
Date: Sat, 5 Mar 2005 22:26:26 +0000
Subject: [PATCH] * crypto.c: allow use of chained certificates

---
 webcit/ChangeLog | 4 +++-
 webcit/crypto.c  | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/webcit/ChangeLog b/webcit/ChangeLog
index 97c5edf7f..95efa2abb 100644
--- a/webcit/ChangeLog
+++ b/webcit/ChangeLog
@@ -1,4 +1,7 @@
 $Log$
+Revision 603.7  2005/03/05 22:26:26  ajc
+* crypto.c: allow use of chained certificates
+
 Revision 603.6  2005/03/05 05:04:34  ajc
 * minor html changes
 
@@ -2457,4 +2460,3 @@ Sun Dec  6 19:50:55 EST 1998 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
 
 1998-12-03 Nathan Bryant <bryant@cs.usm.maine.edu>
 	* webserver.c: warning fix
-
diff --git a/webcit/crypto.c b/webcit/crypto.c
index 27e6893d0..5e690e4e7 100644
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -332,8 +332,10 @@ void init_ssl(void)
 
 	/*
 	 * Now try to bind to the key and certificate.
+	 * Note that we use SSL_CTX_use_certificate_chain_file() which allows
+	 * the certificate file to contain intermediate certificates.
 	 */
-	SSL_CTX_use_certificate_file(ssl_ctx, CTDL_CER_PATH, SSL_FILETYPE_PEM);
+	SSL_CTX_use_certificate_chain_file(ssl_ctx, CTDL_CER_PATH);
 	SSL_CTX_use_PrivateKey_file(ssl_ctx, CTDL_KEY_PATH, SSL_FILETYPE_PEM);
 	if ( !SSL_CTX_check_private_key(ssl_ctx) ) {
 		lprintf(3, "Cannot install certificate: %s\n",
-- 
2.30.2