author | Dr. Stephen Henson <steve@openssl.org> | 2014-01-03 22:38:03 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-01-03 22:39:49 +0000 |
commit | a4339ea3ba045b7da038148f0d48ce25f2996971 (patch) | |
tree | 6d945867198bbc00fc2c1dd518b567b21fa329a1 /ssl/ssl_rsa.c | |
parent | e8b0dd57c0e9c53fd0708f0f458a7a2fd7a95c91 (diff) | |
Use algorithm specific chains for certificates.
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.
Update docs.
Diffstat (limited to 'ssl/ssl_rsa.c')
-rw-r--r-- | ssl/ssl_rsa.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 9532955..7fcd846 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -758,19 +758,15 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) X509 *ca; int r; unsigned long err; - - if (ctx->extra_certs != NULL) - { - sk_X509_pop_free(ctx->extra_certs, X509_free); - ctx->extra_certs = NULL; - } + SSL_CTX_clear_chain_certs(ctx); + while ((ca = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata)) != NULL) { - r = SSL_CTX_add_extra_chain_cert(ctx, ca); + r = SSL_CTX_add0_chain_cert(ctx, ca); if (!r) { X509_free(ca); |
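Review bot: The result of the added `SSL_CTX_clear_chain_certs(ctx);` is discarded, so if the clear reports failure the loop below still appends the file's certificates to whatever chain the current certificate already carried, and the context can end up presenting intermediates the caller never asked for. Testing it, e.g. `if (!SSL_CTX_clear_chain_certs(ctx))` followed by the same failure path the `if (!r)` branch takes (that branch continues outside the hunk), would keep the call all-or-nothing. The hunk also stops resetting `ctx->extra_certs`, so certificates added earlier through `SSL_CTX_add_extra_chain_cert()` now survive this call; whether they are still sent for other key types depends on chain-selection code not visible here, so a short comment saying the shared list is deliberately left untouched would help. The `X509_free(ca)` on failure is consistent with the add0 ownership convention, where the caller keeps the reference only when the add fails.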