You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by vm...@apache.org on 2010/10/28 01:28:18 UTC
svn commit: r1028138 - /trafficserver/traffic/trunk/iocore/net/SSLNet.cc
Author: vmamidi
Date: Wed Oct 27 23:28:18 2010
New Revision: 1028138
URL: http://svn.apache.org/viewvc?rev=1028138&view=rev
Log:
TS-494 fix for certficate chaining
Modified:
trafficserver/traffic/trunk/iocore/net/SSLNet.cc
Modified: trafficserver/traffic/trunk/iocore/net/SSLNet.cc
URL: http://svn.apache.org/viewvc/trafficserver/traffic/trunk/iocore/net/SSLNet.cc?rev=1028138&r1=1028137&r2=1028138&view=diff
==============================================================================
--- trafficserver/traffic/trunk/iocore/net/SSLNet.cc (original)
+++ trafficserver/traffic/trunk/iocore/net/SSLNet.cc Wed Oct 27 23:28:18 2010
@@ -62,13 +62,21 @@ SSL_CTX_add_extra_chain_cert_file(SSL_CT
}
j = ERR_R_PEM_LIB;
- x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
+ while ((x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata)) != NULL) {
+ ret = SSL_CTX_add_extra_chain_cert(ctx, x);
+ if (!ret) {
+ X509_free(x);
+ BIO_free(in);
+ return -1;
+ }
+ }
+/* x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
if (x == NULL) {
SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
goto end;
}
- ret = SSL_CTX_add_extra_chain_cert(ctx, x);
+ ret = SSL_CTX_add_extra_chain_cert(ctx, x);*/
end:
// if (x != NULL) X509_free(x);
if (in != NULL)