Blob Blame History Raw
Fix things so that chains of certificates work in the server and client
certificate files.

This only really works for OpenSSL-based builds, as yassl is unable to read
multiple certificates from a file.  The patch below to yassl/src/ssl.cpp
doesn't fix that, but just arranges that the viosslfactories.c patch won't
have any ill effects in a yassl build.  Since we don't use yassl in Red Hat/
Fedora builds, I'm not feeling motivated to try to fix yassl for this.

See RH bug #598656.  Filed upstream at
diff --git a/vio/ b/vio/
index 5e881e3..2927e7f 100644
--- a/vio/
+++ b/vio/
@@ -198,7 +198,7 @@ static int vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file,
   if (!key_file && cert_file) key_file = cert_file;
   if (cert_file &&
-      SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) {
+      SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) {
     *error = SSL_INITERR_CERT;
                ("%s from file '%s'", sslGetErrString(*error), cert_file));