[PATCH] TLS: Load chain certificates from client_cert file
Isaac Boukris
iboukris at gmail.com
Sat Jan 20 17:36:44 PST 2018
This helps the server to build the chain to trusted CA.
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
---
src/crypto/tls_openssl.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index ce73848..3d789bb 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2653,10 +2653,9 @@ static int tls_connection_client_cert(struct tls_connection *conn,
return 0;
}
- if (SSL_use_certificate_file(conn->ssl, client_cert,
- SSL_FILETYPE_PEM) == 1) {
+ if (SSL_use_certificate_chain_file(conn->ssl, client_cert) == 1) {
ERR_clear_error();
- wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
+ wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_chain_file"
" --> OK");
return 0;
}
--
2.1.0
More information about the Hostap
mailing list