OpenSSL: Load chain certificates from client_cert file

This helps the server to build the chain to trusted CA when PEM encoding
of client_cert is used with multiple listed certificates. This was
already done for the server certificate configuration, but the client
certificate was limited to using only the first certificate in the file.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
This commit is contained in:
Isaac Boukris 2018-01-21 01:36:44 +00:00 committed by Jouni Malinen
parent fb60dbdcec
commit 658c39809b

View file

@ -2757,10 +2757,9 @@ static int tls_connection_client_cert(struct tls_connection *conn,
return 0;
}
if (SSL_use_certificate_file(conn->ssl, client_cert,
SSL_FILETYPE_PEM) == 1) {
if (SSL_use_certificate_chain_file(conn->ssl, client_cert) == 1) {
ERR_clear_error();
wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_chain_file"
" --> OK");
return 0;
}