Use algorithm specific chains for certificates.

Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm specific chains instead of the shared chain. Update docs.
author: Dr. Stephen Henson <steve@openssl.org> 2014-01-03 22:38:03 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-01-03 22:39:49 +0000
commit: a4339ea3ba045b7da038148f0d48ce25f2996971 (patch)
tree: 6d945867198bbc00fc2c1dd518b567b21fa329a1 /ssl/ssl_rsa.c
parent: e8b0dd57c0e9c53fd0708f0f458a7a2fd7a95c91 (diff)
1 files changed, 3 insertions, 7 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 953295518d..7fcd8460a3 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -758,19 +758,15 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
 		X509 *ca;
 		int r;
 		unsigned long err;
-		
-		if (ctx->extra_certs != NULL)
-			{
-			sk_X509_pop_free(ctx->extra_certs, X509_free);
-			ctx->extra_certs = NULL;
-			}
 
+		SSL_CTX_clear_chain_certs(ctx);
+		
 		while ((ca = PEM_read_bio_X509(in, NULL,
 					ctx->default_passwd_callback,
 					ctx->default_passwd_callback_userdata))
 			!= NULL)
 			{
-			r = SSL_CTX_add_extra_chain_cert(ctx, ca);
+			r = SSL_CTX_add0_chain_cert(ctx, ca);
 			if (!r) 
 				{
 				X509_free(ca);
author	Dr. Stephen Henson <steve@openssl.org>	2014-01-03 22:38:03 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-01-03 22:39:49 +0000
commit	a4339ea3ba045b7da038148f0d48ce25f2996971 (patch)
tree	6d945867198bbc00fc2c1dd518b567b21fa329a1 /ssl/ssl_rsa.c
parent	e8b0dd57c0e9c53fd0708f0f458a7a2fd7a95c91 (diff)