[trafficserver] 04/04: Select the current cert when looking for issuer

zwoop Tue, 06 Mar 2018 10:17:06 -0800

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


commit 912c44685864bea0bd8bae2fda0e2c927e6bb13b
Author: Randall Meyer <randallme...@yahoo.com>
AuthorDate: Tue Mar 6 08:22:19 2018 -0800

    Select the current cert when looking for issuer
    
    This is needed when working with multiple cert chains
    
    Fixes issue #3032
    
    (cherry picked from commit a470492a82b4ab3aa13e944e4206f254ed9d9015)
---
 iocore/net/OCSPStapling.cc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/iocore/net/OCSPStapling.cc b/iocore/net/OCSPStapling.cc
index d764c75..b5b7e46 100644
--- a/iocore/net/OCSPStapling.cc
+++ b/iocore/net/OCSPStapling.cc
@@ -82,6 +82,13 @@ stapling_get_issuer(SSL_CTX *ssl_ctx, X509 *x)
   if (inctx == nullptr) {
     return nullptr;
   }
+
+#ifdef SSL_CTX_select_current_cert
+  if (!SSL_CTX_select_current_cert(ssl_ctx, x)) {
+    Warning("OCSP: could not select current certifcate chain %p", x);
+  }
+#endif
+
   if (X509_STORE_CTX_init(inctx, st, nullptr, nullptr) == 0) {
     goto end;
   }

-- 
To stop receiving notification emails like this one, please contact
zw...@apache.org.

[trafficserver] 04/04: Select the current cert when looking for issuer

Reply via email to