This is an automated email from the ASF dual-hosted git repository. vmamidi pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push: new 9a7b4644d Fix Loading Client Certificate Chain (#9177) 9a7b4644d is described below commit 9a7b4644d5ceebcad14307020534841ab233544d Author: Mo Chen <moc...@apache.org> AuthorDate: Tue Nov 8 08:48:36 2022 -0600 Fix Loading Client Certificate Chain (#9177) Client certificate chain loading was using the wrong OpenSSL API, causing the chain to be loaded incorrectly. --- iocore/net/SSLConfig.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc index 29b2fcfb8..6d34998d3 100644 --- a/iocore/net/SSLConfig.cc +++ b/iocore/net/SSLConfig.cc @@ -834,7 +834,7 @@ SSLConfigParams::getCTX(const std::string &client_cert, const std::string &key_f // Continue to fetch certs to associate intermediate certificates cert = PEM_read_bio_X509(biop, nullptr, nullptr, nullptr); while (cert) { - if (!SSL_CTX_use_certificate(client_ctx.get(), cert)) { + if (!SSL_CTX_add_extra_chain_cert(client_ctx.get(), cert)) { SSLError("failed to attach client chain certificate from %s", client_cert.c_str()); goto fail; }