You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2022/11/08 14:53:47 UTC
[trafficserver] branch 9.2.x updated: Fix Loading Client Certificate Chain (#9177)
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.2.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/9.2.x by this push:
new adeaff198 Fix Loading Client Certificate Chain (#9177)
adeaff198 is described below
commit adeaff19847c8cc0fa9688561baa8591be6fe5f4
Author: Mo Chen <mo...@apache.org>
AuthorDate: Tue Nov 8 08:48:36 2022 -0600
Fix Loading Client Certificate Chain (#9177)
Client certificate chain loading was using the wrong OpenSSL API,
causing the chain to be loaded incorrectly.
(cherry picked from commit 9a7b4644d5ceebcad14307020534841ab233544d)
---
iocore/net/SSLConfig.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index 0af21d410..a992a266e 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -828,7 +828,7 @@ SSLConfigParams::getCTX(const std::string &client_cert, const std::string &key_f
// Continue to fetch certs to associate intermediate certificates
cert = PEM_read_bio_X509(biop, nullptr, nullptr, nullptr);
while (cert) {
- if (!SSL_CTX_use_certificate(client_ctx.get(), cert)) {
+ if (!SSL_CTX_add_extra_chain_cert(client_ctx.get(), cert)) {
SSLError("failed to attach client chain certificate from %s", client_cert.c_str());
goto fail;
}