This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 7.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 912c44685864bea0bd8bae2fda0e2c927e6bb13b Author: Randall Meyer <randallme...@yahoo.com> AuthorDate: Tue Mar 6 08:22:19 2018 -0800 Select the current cert when looking for issuer This is needed when working with multiple cert chains Fixes issue #3032 (cherry picked from commit a470492a82b4ab3aa13e944e4206f254ed9d9015) --- iocore/net/OCSPStapling.cc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/iocore/net/OCSPStapling.cc b/iocore/net/OCSPStapling.cc index d764c75..b5b7e46 100644 --- a/iocore/net/OCSPStapling.cc +++ b/iocore/net/OCSPStapling.cc @@ -82,6 +82,13 @@ stapling_get_issuer(SSL_CTX *ssl_ctx, X509 *x) if (inctx == nullptr) { return nullptr; } + +#ifdef SSL_CTX_select_current_cert + if (!SSL_CTX_select_current_cert(ssl_ctx, x)) { + Warning("OCSP: could not select current certifcate chain %p", x); + } +#endif + if (X509_STORE_CTX_init(inctx, st, nullptr, nullptr) == 0) { goto end; } -- To stop receiving notification emails like this one, please contact zw...@apache.org.