author | Reyk Floeter <reyk@cvs.openbsd.org> | 2007-09-04 10:32:55 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2007-09-04 10:32:55 +0000 |
commit | dc21671e5784fdafb85117c08386e065e7d0ea79 (patch) | |
tree | 8d93db5523da0987cf8a37baf0735274953e8982 | |
parent | d7067fb3b07fcd126a7ce12a306be16786521449 (diff) |
support chained ssl certificates; a chain can be added to the
PEM-encoded server cert file (no CA support yet).
makes a chained ssl certificate from Comodo work with hoststated, also
tested with other certs (self-signed, Thawte Premium)
thanks to ben (pr0ncracker at gmail dot com)
-rw-r--r-- | usr.sbin/hoststated/relay.c | 4 | ||||
-rw-r--r-- | usr.sbin/relayd/relay.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/usr.sbin/hoststated/relay.c b/usr.sbin/hoststated/relay.c
index e863ce35c01..6957472a48d 100644
--- a/usr.sbin/hoststated/relay.c
+++ b/usr.sbin/hoststated/relay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.36 2007/07/26 23:29:40 jsg Exp $ */
+/* $OpenBSD: relay.c,v 1.37 2007/09/04 10:32:54 reyk Exp $ */
 /*
 * Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
@@ -1997,7 +1997,7 @@ relay_ssl_ctx_create(struct relay *rlay)
 "/etc/ssl/%s.crt", hbuf) == -1)
 goto err;
 log_debug("relay_ssl_ctx_create: using certificate %s", certfile);
- if (!SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM))
+ if (!SSL_CTX_use_certificate_chain_file(ctx, certfile))
 goto err;
 /* Load the private key */
diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c
index e863ce35c01..6957472a48d 100644
--- a/usr.sbin/relayd/relay.c
+++ b/usr.sbin/relayd/relay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.36 2007/07/26 23:29:40 jsg Exp $ */
+/* $OpenBSD: relay.c,v 1.37 2007/09/04 10:32:54 reyk Exp $ */
 /*
 * Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
@@ -1997,7 +1997,7 @@ relay_ssl_ctx_create(struct relay *rlay)
 "/etc/ssl/%s.crt", hbuf) == -1)
 goto err;
 log_debug("relay_ssl_ctx_create: using certificate %s", certfile);
- if (!SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM))
+ if (!SSL_CTX_use_certificate_chain_file(ctx, certfile))
 goto err;
 /* Load the private key */ |
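Review bot: The call to `SSL_CTX_use_certificate_chain_file(ctx, certfile)` in relay_ssl_ctx_create makes the order of the certificates inside `/etc/ssl/%s.crt` significant, and nothing at the call site records that. OpenSSL takes the first PEM certificate in the file as the server certificate and the ones after it as the chain, so a comment above the call would help, e.g. `/* certfile: server cert first, then intermediate certs in order (PEM only) */`. The private key is loaded after the hunk ends, so it is not visible here whether `SSL_CTX_check_private_key(ctx)` runs afterwards; it is worth confirming, so that a misordered file fails at startup rather than at handshake time. The same applies to the identical hunk in usr.sbin/relayd/relay.c.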