Load full certificate chain from a certificate chain file

This commit fixes loading the certificate chain files so that the full
chain could be sent to the clients which require that for
verification. Before that fix only the topmost certificate would be
loaded from the chain and sent to clients, preventing some of them from
performing certificate validation (e.g. Windows 10 DoH client).
This commit is contained in:
Artem Boldariev
2021-03-09 14:45:03 +02:00
parent 6dee5c1b28
commit 75363dcb7c

@@ -311,8 +311,7 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
EVP_PKEY_free(pkey);
BN_free(bn);
} else {
rv = SSL_CTX_use_certificate_file(ctx, certfile,
SSL_FILETYPE_PEM);
rv = SSL_CTX_use_certificate_chain_file(ctx, certfile);
if (rv != 1) {
goto ssl_error;
}
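
Review bot: the call to SSL_CTX_use_certificate_chain_file(ctx, certfile) in the else branch changes what certfile has to contain, and nothing visible here documents that. The function reads PEM only and expects the server's own certificate first, followed by the intermediate CA certificates in order towards the root; a file ordered differently will have its first certificate treated as the server certificate. Please state the format and ordering requirement wherever the certfile argument of isc_tlsctx_createserver() is documented. A test that connects to a listener and checks that more than one certificate is presented would also keep the behaviour described in the commit message from regressing.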