This is an automated email from the ASF dual-hosted git repository.
vmamidi pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 9a7b4644d Fix Loading Client Certificate Chain (#9177)
9a7b4644d is described below
commit 9a7b4644d5ceebcad14307020534841ab233544d
Author: Mo Chen <moc...@apache.org>
AuthorDate: Tue Nov 8 08:48:36 2022 -0600
Fix Loading Client Certificate Chain (#9177)
Client certificate chain loading was using the wrong OpenSSL API,
causing the chain to be loaded incorrectly.
---
iocore/net/SSLConfig.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index 29b2fcfb8..6d34998d3 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -834,7 +834,7 @@ SSLConfigParams::getCTX(const std::string &client_cert,
const std::string &key_f
// Continue to fetch certs to associate intermediate certificates
cert = PEM_read_bio_X509(biop, nullptr, nullptr, nullptr);
while (cert) {
- if (!SSL_CTX_use_certificate(client_ctx.get(), cert)) {
+ if (!SSL_CTX_add_extra_chain_cert(client_ctx.get(), cert)) {
SSLError("failed to attach client chain certificate from %s",
client_cert.c_str());
goto fail;
}
