diff options
| author | Maciej Szmigiero <mhej@o2.pl> | 2011-11-19 12:06:59 +0200 |
|---|---|---|
| committer | Jouni Malinen <j@w1.fi> | 2011-11-19 12:06:59 +0200 |
| commit | 65897747469537db3ef316174ab082f3aeae5cbd (patch) | |
| tree | 66bb2dbff43f15d00abf098c94b0a0e2154f32e9 /src/crypto | |
| parent | 8205c82a48c2fcab641556145deb06659ce7b70a (diff) | |
| download | external_wpa_supplicant_8_ti-65897747469537db3ef316174ab082f3aeae5cbd.zip external_wpa_supplicant_8_ti-65897747469537db3ef316174ab082f3aeae5cbd.tar.gz external_wpa_supplicant_8_ti-65897747469537db3ef316174ab082f3aeae5cbd.tar.bz2 | |
OpenSSL: Read certificate chain from server_cert file
Currently OpenSSL implementation of TLS in hostapd loads only top
certificate in server certificate file. Change this to try to the
whole chain first and only if that fails, revert to old behavior.
Signed-off-by: Maciej Szmigiero <mhej@o2.pl>
Diffstat (limited to 'src/crypto')
| -rw-r--r-- | src/crypto/tls_openssl.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index 6380ce0..8374096 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -1663,6 +1663,7 @@ static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert) if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert, SSL_FILETYPE_ASN1) != 1 && + SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 && SSL_CTX_use_certificate_file(ssl_ctx, client_cert, SSL_FILETYPE_PEM) != 1) { tls_show_errors(MSG_INFO, __func__, |