From 65897747469537db3ef316174ab082f3aeae5cbd Mon Sep 17 00:00:00 2001
From: Maciej Szmigiero
Date: Sat, 19 Nov 2011 12:06:59 +0200
Subject: [PATCH] OpenSSL: Read certificate chain from server_cert file

Currently OpenSSL implementation of TLS in hostapd loads only top certificate in server certificate file. Change this to try to the whole chain first and only if that fails, revert to old behavior.

Signed-off-by: Maciej Szmigiero
---
src/crypto/tls_openssl.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 6380ce007..837409669 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1663,6 +1663,7 @@ static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert)
 if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert, SSL_FILETYPE_ASN1) != 1 &&
+ SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 &&
 SSL_CTX_use_certificate_file(ssl_ctx, client_cert, SSL_FILETYPE_PEM) != 1) {
 tls_show_errors(MSG_INFO, __func__,
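Review bot: The added `SSL_CTX_use_certificate_chain_file()` call sits between two fallbacks, so when it fails on a PEM file whose first certificate parses but a later one does not, the following `SSL_CTX_use_certificate_file(..., SSL_FILETYPE_PEM)` can still succeed and the function carries on as if the load were clean; as far as I can tell from OpenSSL's behaviour, the server may then present an incomplete chain with nothing in the log to explain it. I would report the chain failure before falling back, which means splitting the `&&` chain into separate attempts, or at least document the order above the condition with `/* Try DER, then a full PEM chain, then a single PEM certificate; a chain that fails to parse falls back to the leaf */`. Errors queued by the failed attempts also appear to stay in the OpenSSL error queue on the success path unless code outside this hunk clears them; if it does not, `ERR_clear_error();` after the condition would keep them out of a later `tls_show_errors()` report. The body of `tls_global_client_cert()` starts and ends outside the hunk, so the success path is not visible here.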