From 658c39809bf8c97632b185b71ab31c40f50e66fc Mon Sep 17 00:00:00 2001
From: Isaac Boukris
Date: Sun, 21 Jan 2018 01:36:44 +0000
Subject: [PATCH] OpenSSL: Load chain certificates from client_cert file
This helps the server to build the chain to trusted CA when PEM encoding of client_cert is used with multiple listed certificates. This was already done for the server certificate configuration, but the client certificate was limited to using only the first certificate in the file.
Signed-off-by: Isaac Boukris
---
 src/crypto/tls_openssl.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index d41f68a00..69c0c4005 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2757,10 +2757,9 @@ static int tls_connection_client_cert(struct tls_connection *conn,
 return 0;
 }
- if (SSL_use_certificate_file(conn->ssl, client_cert,
- SSL_FILETYPE_PEM) == 1) {
+ if (SSL_use_certificate_chain_file(conn->ssl, client_cert) == 1) {
 ERR_clear_error();
- wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
+ wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_chain_file"
 " --> OK");
 return 0;
 }
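Review bot: `SSL_use_certificate_chain_file()` on the new `if` line was only added in OpenSSL 1.1.0, so this unconditional call will not build against 1.0.2 or against forks that lack it; the hunk shows no version guard, and whether one exists elsewhere cannot be seen from here. I would keep the old `SSL_use_certificate_file(..., SSL_FILETYPE_PEM)` call under `#else` so older libraries still load the leaf certificate, as sketched below (forks that report a high version number may need their own exclusion in the condition). There is also a behaviour change worth a comment: the chain loader reports failure when a later PEM block in the file fails to parse, so a file whose first certificate used to load may now fall through to the code after this block, which lies outside the hunk along with the rest of `tls_connection_client_cert`.

```c
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	if (SSL_use_certificate_chain_file(conn->ssl, client_cert) == 1) {
		/* … unchanged: ERR_clear_error(), debug print, return 0 … */
	}
#else
	/* No per-connection chain loader here: only the first certificate
	 * in the file is used, as before this change. */
	if (SSL_use_certificate_file(conn->ssl, client_cert,
				     SSL_FILETYPE_PEM) == 1) {
		ERR_clear_error();
		wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
			   " --> OK");
		return 0;
	}
#endif
```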