diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-01-03 22:38:03 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-01-03 22:45:20 +0000 |
commit | b9fa413a08d436d6b522749b5e808fcd931fd943 (patch) | |
tree | 0cf636d5f11a4150e19a87a0840af64f9b02536e /ssl/ssl_rsa.c | |
parent | 4abe148444d739b033dc6fe8613eba0b8ac82270 (diff) |
Use algorithm specific chains for certificates.
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.
Update docs.
(cherry picked from commit a4339ea3ba045b7da038148f0d48ce25f2996971)
Conflicts:
CHANGES
Diffstat (limited to 'ssl/ssl_rsa.c')
-rw-r--r-- | ssl/ssl_rsa.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 55dc1b3dd9..73e9179e4e 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -762,19 +762,15 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) X509 *ca; int r; unsigned long err; - - if (ctx->extra_certs != NULL) - { - sk_X509_pop_free(ctx->extra_certs, X509_free); - ctx->extra_certs = NULL; - } + SSL_CTX_clear_chain_certs(ctx); + while ((ca = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata)) != NULL) { - r = SSL_CTX_add_extra_chain_cert(ctx, ca); + r = SSL_CTX_add0_chain_cert(ctx, ca); if (!r) { X509_free(ca); |