Commit 4c6426fc authored by Vladislav Vaintroub's avatar Vladislav Vaintroub

Fix LPBUG# : allow chain certificate files to work.

Contributed by Maarten Vanraes (AL13N)

Fix things so that chains of certificates work in the server and client
certificate files.

This only really works for OpenSSL-based builds, as yassl is unable to read
multiple certificates from a file.  The patch below to yassl/src/ssl.cpp
doesn't fix that, but just arranges that the viosslfactories.c patch won't
have any ill effects in a yassl build.
parent a6eb0991
...@@ -1607,10 +1607,10 @@ unsigned long ERR_get_error() ...@@ -1607,10 +1607,10 @@ unsigned long ERR_get_error()
} }
int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*) int SSL_CTX_use_certificate_chain_file(SSL_CTX* ctx, const char* file)
{ {
// TDOD: // For the moment, treat like use_certificate_file
return SSL_SUCCESS; return read_file(ctx, file, SSL_FILETYPE_PEM, Cert);
} }
......
...@@ -100,7 +100,7 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file, ...@@ -100,7 +100,7 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file,
(long) ctx, cert_file, key_file)); (long) ctx, cert_file, key_file));
if (cert_file) if (cert_file)
{ {
if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0)
{ {
*error= SSL_INITERR_CERT; *error= SSL_INITERR_CERT;
DBUG_PRINT("error",("%s from file '%s'", sslGetErrString(*error), cert_file)); DBUG_PRINT("error",("%s from file '%s'", sslGetErrString(*error), cert_file));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment