authorReyk Floeter <reyk@cvs.openbsd.org>2007-09-04 10:32:55 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2007-09-04 10:32:55 +0000
commitdc21671e5784fdafb85117c08386e065e7d0ea79 (patch)
tree8d93db5523da0987cf8a37baf0735274953e8982
parentd7067fb3b07fcd126a7ce12a306be16786521449 (diff)
support chained ssl certificates; a chain can be added to the
PEM-encoded server cert file (no CA support yet). makes a chained ssl certificate from Comodo work with hoststated, also tested with other certs (self-signed, Thawte Premium) thanks to ben (pr0ncracker at gmail dot com)
-rw-r--r--usr.sbin/hoststated/relay.c4
-rw-r--r--usr.sbin/relayd/relay.c4
2 files changed, 4 insertions, 4 deletions
diff --git a/usr.sbin/hoststated/relay.c b/usr.sbin/hoststated/relay.c
index e863ce35c01..6957472a48d 100644
--- a/usr.sbin/hoststated/relay.c
+++ b/usr.sbin/hoststated/relay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.36 2007/07/26 23:29:40 jsg Exp $ */
+/* $OpenBSD: relay.c,v 1.37 2007/09/04 10:32:54 reyk Exp $ */
/*
* Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
@@ -1997,7 +1997,7 @@ relay_ssl_ctx_create(struct relay *rlay)
"/etc/ssl/%s.crt", hbuf) == -1)
goto err;
log_debug("relay_ssl_ctx_create: using certificate %s", certfile);
- if (!SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM))
+ if (!SSL_CTX_use_certificate_chain_file(ctx, certfile))
goto err;
/* Load the private key */
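Review bot: The new `SSL_CTX_use_certificate_chain_file(ctx, certfile)` call takes the first certificate in the file as the server certificate and the remaining ones as chain certificates, so a file that lists an intermediate before the leaf would still load at this call and the relay would be configured with the wrong certificate. A one-line comment above the call would record the ordering requirement, for example `/* certfile: server certificate first, then intermediates in order */`. The key-loading code that follows `/* Load the private key */` is outside this hunk, so it is not visible whether `SSL_CTX_check_private_key(ctx)` is called after the key is loaded; if it is not, adding that check would turn a mis-ordered or mismatched file into a startup failure. The same point applies to the identical hunk in usr.sbin/relayd/relay.c.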
diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c
index e863ce35c01..6957472a48d 100644
--- a/usr.sbin/relayd/relay.c
+++ b/usr.sbin/relayd/relay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.36 2007/07/26 23:29:40 jsg Exp $ */
+/* $OpenBSD: relay.c,v 1.37 2007/09/04 10:32:54 reyk Exp $ */
/*
* Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
@@ -1997,7 +1997,7 @@ relay_ssl_ctx_create(struct relay *rlay)
"/etc/ssl/%s.crt", hbuf) == -1)
goto err;
log_debug("relay_ssl_ctx_create: using certificate %s", certfile);
- if (!SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM))
+ if (!SSL_CTX_use_certificate_chain_file(ctx, certfile))
goto err;
/* Load the private key */