Use algorithm specific chains for certificates.

Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm specific chains instead of the shared chain. Update docs. (cherry picked from commit a4339ea3ba045b7da038148f0d48ce25f2996971) Conflicts: CHANGES
author: Dr. Stephen Henson <steve@openssl.org> 2014-01-03 22:38:03 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-01-03 22:45:20 +0000
commit: b9fa413a08d436d6b522749b5e808fcd931fd943 (patch)
tree: 0cf636d5f11a4150e19a87a0840af64f9b02536e /ssl/ssl_rsa.c
parent: 4abe148444d739b033dc6fe8613eba0b8ac82270 (diff)
1 files changed, 3 insertions, 7 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 55dc1b3dd9..73e9179e4e 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -762,19 +762,15 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
 		X509 *ca;
 		int r;
 		unsigned long err;
-		
-		if (ctx->extra_certs != NULL)
-			{
-			sk_X509_pop_free(ctx->extra_certs, X509_free);
-			ctx->extra_certs = NULL;
-			}
 
+		SSL_CTX_clear_chain_certs(ctx);
+		
 		while ((ca = PEM_read_bio_X509(in, NULL,
 					ctx->default_passwd_callback,
 					ctx->default_passwd_callback_userdata))
 			!= NULL)
 			{
-			r = SSL_CTX_add_extra_chain_cert(ctx, ca);
+			r = SSL_CTX_add0_chain_cert(ctx, ca);
 			if (!r) 
 				{
 				X509_free(ca);
author	Dr. Stephen Henson <steve@openssl.org>	2014-01-03 22:38:03 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-01-03 22:45:20 +0000
commit	b9fa413a08d436d6b522749b5e808fcd931fd943 (patch)
tree	0cf636d5f11a4150e19a87a0840af64f9b02536e /ssl/ssl_rsa.c
parent	4abe148444d739b033dc6fe8613eba0b8ac82270 (diff)