Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2010/11/02 18:18:27 UTC
[jira] Resolved: (TS-494) SSL over ATS sending partial certificate chain
[ https://issues.apache.org/jira/browse/TS-494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom resolved TS-494.
------------------------------
Resolution: Fixed
> SSL over ATS sending partial certificate chain
> -----------------------------------------------
>
> Key: TS-494
> URL: https://issues.apache.org/jira/browse/TS-494
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 2.1.3
> Reporter: vijaya bhaskar mamidi
> Fix For: 2.1.4
>
>
> ATS is sending only the first certificate block from the file configured under the "proxy.config.ssl.server.cert_chain.filename" setting in records.config.
> Code in SSLNet.cc:
> int
> SSL_CTX_add_extra_chain_cert_file(SSL_CTX * ctx, const char *file)
> {
>   BIO *in;
>   int j;
>   int ret = 0;
>   X509 *x = NULL;
>   in = BIO_new(BIO_s_file_internal());
>   if (in == NULL) {
>     SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
>     goto end;
>   }
>   if (BIO_read_filename(in, file) <= 0) {
>     SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
>     goto end;
>   }
>   j = ERR_R_PEM_LIB;
>   x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
>   if (x == NULL) {
>     SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
>     goto end;
>   }
>   ret = SSL_CTX_add_extra_chain_cert(ctx, x);
> end:
>   // if (x != NULL) X509_free(x);
>   if (in != NULL)
>     BIO_free(in);
>   return (ret);
> }
> It should loop across all the certs, and the code should be:
> while ((x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata)) != NULL) {
>   ret = SSL_CTX_add_extra_chain_cert(ctx, x);
>   if (!ret) {
>     X509_free(x);
>     BIO_free(in);
>     return -1;
>   }
> }
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
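
An added example, not part of the original JIRA message or the Traffic Server code base: a Python model of the behaviour reported above, comparing which certificates in a chain file a single PEM read picks up with what a read-until-exhausted loop picks up. The function names and the sample chain are assumptions made for illustration; the sample blocks are placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re

# One PEM CERTIFICATE block; a chain file is several of these back to back.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def pem_certificates(text):
    """Yield the DER bytes of every CERTIFICATE block, in file order."""
    for match in PEM_CERT.finditer(text):
        body = "".join(match.group(1).split())  # drop line breaks in the base64
        yield base64.b64decode(body, validate=True)

def fingerprint(der):
    """SHA-256 fingerprint of the DER encoding, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def load_first_only(text):
    """Model of a single read: only the first block in the file is kept."""
    return [fingerprint(der) for der in list(pem_certificates(text))[:1]]

def load_whole_chain(text):
    """Model of the proposed loop: keep reading until no block is left."""
    return [fingerprint(der) for der in pem_certificates(text)]

def never_loaded(text):
    """Fingerprints present in the file that a single read leaves out."""
    loaded = set(load_first_only(text))
    return [fp for fp in load_whole_chain(text) if fp not in loaded]

def to_pem(der):
    """Wrap bytes in PEM armour (helper for the constructed sample)."""
    body = base64.encodebytes(der).decode().strip()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed sample: placeholder byte strings standing in for certificates.
SAMPLE_DER = [b"constructed-intermediate-1",
              b"constructed-intermediate-2",
              b"constructed-root"]
SAMPLE_CHAIN = "".join(to_pem(der) for der in SAMPLE_DER)

if __name__ == "__main__":
    print("single read :", len(load_first_only(SAMPLE_CHAIN)), "certificate(s)")
    print("loop        :", len(load_whole_chain(SAMPLE_CHAIN)), "certificate(s)")
    for fp in never_loaded(SAMPLE_CHAIN):
        print("never loaded:", fp)
```

Running never_loaded() on the text of the file named by proxy.config.ssl.server.cert_chain.filename lists the chain certificates that a single-read loader would leave out.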