From 67345882cdf8dbbc20c98c25ad6a491397daa5c6 Mon Sep 17 00:00:00 2001
From: Henning Brauer <henning@cvs.openbsd.org>
Date: Thu, 2 Oct 2003 16:21:32 +0000
Subject: chroot handling for SSLCertificateChainFile, problem found and fix
 tested by Sandor Palfy <netchan@cotse.net>

---
 usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c
index 94b5d15e397..3ff679ea1a4 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c
@@ -603,9 +603,10 @@ const char *ssl_cmd_SSLCertificateChainFile(
     char *cpPath;
 
     cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
-    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
+    if (!ap_server_is_chrooted() && !ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
         return ap_pstrcat(cmd->pool, "SSLCertificateChainFile: file '",
                           cpPath, "' not exists or empty", NULL);
+    ap_server_strip_chroot(cpPath, 0);
     sc->szCertificateChain = cpPath;
     return NULL;
 }
-- 
cgit v1.2.3