This is an automated email from the ASF dual-hosted git repository.
aboda pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git
The following commit(s) were added to refs/heads/master by this push:
new 77b579b MINIFICPP-1068 - Load entire certificate chain from PEM
certificate file.
77b579b is described below
commit 77b579b0ba2fe644bbd902f70178d7af12eb5f70
Author: Andre Araujo <[email protected]>
AuthorDate: Sun Oct 20 05:21:13 2019 +0000
MINIFICPP-1068 - Load entire certificate chain from PEM certificate file.
Signed-off-by: Arpad Boda <[email protected]>
This closes #665
---
libminifi/src/controllers/SSLContextService.cpp | 2 +-
libminifi/src/io/tls/TLSSocket.cpp | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libminifi/src/controllers/SSLContextService.cpp
b/libminifi/src/controllers/SSLContextService.cpp
index 10944e2..41957c5 100644
--- a/libminifi/src/controllers/SSLContextService.cpp
+++ b/libminifi/src/controllers/SSLContextService.cpp
@@ -89,7 +89,7 @@ bool SSLContextService::configure_ssl_context(SSL_CTX *ctx) {
EVP_PKEY_free(pkey);
X509_free(cert);
} else {
- if (SSL_CTX_use_certificate_file(ctx, certificate.c_str(),
SSL_FILETYPE_PEM) <= 0) {
+ if (SSL_CTX_use_certificate_chain_file(ctx, certificate.c_str()) <= 0) {
logging::LOG_ERROR(logger_) << "Could not create load certificate " <<
certificate << ", " << getLatestOpenSSLErrorString();
return false;
}
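Review bot: The new `SSL_CTX_use_certificate_chain_file` call treats the first certificate in the PEM file as the leaf and the following ones as chain material, and nothing at this call site records that ordering requirement. I would add a comment above the call such as `// PEM file must list the leaf certificate first, followed by its intermediates in order`, so a misordered file can be traced back here when the handshake or private-key check fails. The preceding branch, of which only the `EVP_PKEY_free`/`X509_free` tail is visible, appears to load a single certificate object; if so, that path still presents no intermediates and peers would see a different chain depending on the key-store format, which is worth confirming outside this hunk. The log text `Could not create load certificate` on the following context line also reads as a typo.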
diff --git a/libminifi/src/io/tls/TLSSocket.cpp
b/libminifi/src/io/tls/TLSSocket.cpp
index e7909a0..9b094ea 100644
--- a/libminifi/src/io/tls/TLSSocket.cpp
+++ b/libminifi/src/io/tls/TLSSocket.cpp
@@ -92,7 +92,7 @@ int16_t TLSContext::initialize(bool server_method) {
}
}
// load certificates and private key in PEM format
- if (SSL_CTX_use_certificate_file(ctx, certificate.c_str(),
SSL_FILETYPE_PEM) <= 0) {
+ if (SSL_CTX_use_certificate_chain_file(ctx, certificate.c_str()) <= 0) {
logger_->log_error("Could not load certificate %s, for %X and %X error :
%s", certificate, this, ctx, std::strerror(errno));
error_value = TLS_ERROR_CERT_MISSING;
return error_value;
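Review bot: The failure log after the new `SSL_CTX_use_certificate_chain_file` call still reports `std::strerror(errno)`, but a chain-file failure such as an unparsable intermediate is recorded in the OpenSSL error queue, and `errno` may be stale or zero at that point. I would report the OpenSSL error instead, for example `ERR_error_string(ERR_get_error(), nullptr)` in place of `std::strerror(errno)`, which matches what the SSLContextService.cpp hunk does through `getLatestOpenSSLErrorString()`. Every failure here also maps to `TLS_ERROR_CERT_MISSING`, so callers cannot tell a present-but-invalid chain from a missing file. A comment or a distinct error value would make that easier to diagnose. `TLSContext::initialize` begins and ends outside the hunk.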