jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

OpenSSL: Load chain certificates from client_cert file

Browse source 
This helps the server to build the chain to trusted CA when PEM encoding
of client_cert is used with multiple listed certificates. This was
already done for the server certificate configuration, but the client
certificate was limited to using only the first certificate in the file.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
This commit is contained in:
Isaac Boukris 2018-01-21 01:36:44 +00:00 committed by Jouni Malinen
parent fb60dbdcec
commit 658c39809b
1 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/crypto/tls_openssl.c
View file

@ -2757,10 +2757,9 @@ static int tls_connection_client_cert(struct tls_connection *conn,
return 0;
}
if (SSL_use_certificate_file(conn->ssl, client_cert,
SSL_FILETYPE_PEM) == 1) {
if (SSL_use_certificate_chain_file(conn->ssl, client_cert) == 1) {
ERR_clear_error();
wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_chain_file"
" --> OK");
return 0;
}