From dc21671e5784fdafb85117c08386e065e7d0ea79 Mon Sep 17 00:00:00 2001 From: Reyk Floeter Date: Tue, 4 Sep 2007 10:32:55 +0000 Subject: support chained ssl certificates; a chain can be added to the PEM-encoded server cert file (no CA support yet). makes a chained ssl certificate from Comodo work with hoststated, also tested with other certs (self-signed, Thawte Premium) thanks to ben (pr0ncracker at gmail dot com) --- usr.sbin/relayd/relay.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'usr.sbin/relayd') diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c index e863ce35c01..6957472a48d 100644 --- a/usr.sbin/relayd/relay.c +++ b/usr.sbin/relayd/relay.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relay.c,v 1.36 2007/07/26 23:29:40 jsg Exp $ */ +/* $OpenBSD: relay.c,v 1.37 2007/09/04 10:32:54 reyk Exp $ */ /* * Copyright (c) 2006, 2007 Reyk Floeter @@ -1997,7 +1997,7 @@ relay_ssl_ctx_create(struct relay *rlay) "/etc/ssl/%s.crt", hbuf) == -1) goto err; log_debug("relay_ssl_ctx_create: using certificate %s", certfile); - if (!SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM)) + if (!SSL_CTX_use_certificate_chain_file(ctx, certfile)) goto err; /* Load the private key */ -- cgit v1.2.3