Updated Branches: refs/heads/3.2.x ff40d5f9d -> 4ddeef216
TS-1374: Cert path not working using intermdiate certificate Review/Test: jpeach, igalic, zwoop Backport: igalic Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/4ddeef21 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/4ddeef21 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/4ddeef21 Branch: refs/heads/3.2.x Commit: 4ddeef216d4952ebcc8bcfb09527b9a22179787f Parents: 7a96191 Author: James Peach <[email protected]> Authored: Wed Jul 18 19:51:02 2012 -0700 Committer: Igor GaliÄ <[email protected]> Committed: Thu Jul 19 18:30:55 2012 -0700 ---------------------------------------------------------------------- CHANGES | 3 ++- STATUS | 5 ----- iocore/net/SSLNetProcessor.cc | 10 ++++++++++ 3 files changed, 12 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/4ddeef21/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index 4db2093..e0deff2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,8 +1,9 @@ -*- coding: utf-8 -*- -<<<<<<< HEAD Changes with Apache Traffic Server 3.2.1 *) [TS-1358] Don't link libreadline with all binaries and plugins. + *) [TS-1374] Cert path not working using intermdiate certificate + *) [TS-1373] Silence spurious error when adding SSL certificates with alternate names *) [TS-1338] SSL not handling some events properly http://git-wip-us.apache.org/repos/asf/trafficserver/blob/4ddeef21/STATUS ---------------------------------------------------------------------- diff --git a/STATUS b/STATUS index 27ea661..15ee808 100644 --- a/STATUS +++ b/STATUS @@ -75,11 +75,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ New patches should be added at the end of the list ] - *) Cert path not working using intermdiate certificate - Trunk patch: 4ed023427a90c0d2bfa9c0c9dab26304f9aaf9fb - Jira: https://issues.apache.org/jira/browse/TS-1374 - +1: jpeach, igalic, zwoop - RELEASE PROCESS http://git-wip-us.apache.org/repos/asf/trafficserver/blob/4ddeef21/iocore/net/SSLNetProcessor.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLNetProcessor.cc b/iocore/net/SSLNetProcessor.cc index a52cb0b..034408c 100644 --- a/iocore/net/SSLNetProcessor.cc +++ b/iocore/net/SSLNetProcessor.cc @@ -274,6 +274,16 @@ SSLNetProcessor::initSSLServerCTX(SSL_CTX * lCtx, const SslConfigParams * param, } ats_free(completeServerCertPath); + if (param->serverCertChainPath) { + char *completeServerCaCertPath = Layout::relative_to(param->getServerCACertPathOnly(), param->serverCertChainPath); + if (SSL_CTX_add_extra_chain_cert_file(lCtx, param->serverCertChainPath) <= 0) { + Error ("SSL ERROR: Cannot use server certificate chain file: %s", completeServerCaCertPath); + ats_free(completeServerCaCertPath); + return -2; + } + ats_free(completeServerCaCertPath); + } + if (!SSL_CTX_check_private_key(lCtx)) { logSSLError("Server private key does not match the certificate public key"); return -4;
