MXS-1318: Use certificate chains instead of individual files

Using SSL_CTX_use_certificate_chain_file instead of
SSL_CTX_use_certificate_file allows the use of certificate chains. This is
the method that the OpenSSL documentation recommends:

https://wiki.openssl.org/index.php/Manual%3ASSL_CTX_use_certificate%283%29
Markus Mäkelä 2017-07-18 10:07:41 +03:00
parent 00f046da1b
commit 9752068444


@ -299,7 +299,7 @@ listener_init_SSL(SSL_LISTENER *ssl_listener)
if (ssl_listener->ssl_cert && ssl_listener->ssl_key)
{
/** Load the server certificate */
if (SSL_CTX_use_certificate_file(ssl_listener->ctx, ssl_listener->ssl_cert, SSL_FILETYPE_PEM) <= 0)
if (SSL_CTX_use_certificate_chain_file(ssl_listener->ctx, ssl_listener->ssl_cert) <= 0)
{
MXS_ERROR("Failed to set server SSL certificate.");
return -1;
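Review bot: The failure branch under the new `SSL_CTX_use_certificate_chain_file` call still logs a fixed string, so an operator cannot tell which file was rejected, and a chain file can now fail on any malformed PEM block in it, not just the first. Consider `MXS_ERROR("Failed to load server SSL certificate chain from '%s'.", ssl_listener->ssl_cert);` (assuming MXS_ERROR takes printf-style arguments), ideally with the OpenSSL error-queue text appended. The comment above the call is now stale; `/** Load the server certificate chain (PEM: server certificate first, then intermediates) */` would record the ordering the API expects, since the first certificate in the file is the one used as the server certificate. listener_init_SSL starts and ends outside this hunk, so whether the private key is later checked against that certificate is not visible here.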