diff options
| author | Joshua Judson Rosen | 2014-07-17 14:39:55 -0400 |
|---|---|---|
| committer | Jakub Slawinski | 2014-07-18 14:04:35 +0200 |
| commit | 86a2c33628b1cc00beff610d7b405e52166f294c (patch) | |
| tree | a1acbf66299b4ece13326883c211a5492e59de88 | |
| parent | Regenerated configure scripts. (diff) | |
| download | apf-86a2c33628b1cc00beff610d7b405e52166f294c.tar.gz | |
afclient: support loading complete cert-chains from cerfile.
This makes x.509 certification more usable/maintainable,
because the intermediate CA keys don't all need to be
maintained on the server (the certification tools just need
to concatenate the CA chain onto the APF-client certificates
as part of the certification-process).
| -rw-r--r-- | src/afclient.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/afclient.c b/src/afclient.c index fbafcc1..5a823eb 100644 --- a/src/afclient.c +++ b/src/afclient.c @@ -708,7 +708,7 @@ main(int argc, char **argv) certif = ClientConfiguration_get_certificateFile(cconfig); if (certif) { - if (SSL_CTX_use_certificate_file(ctx, certif, SSL_FILETYPE_PEM) != 1) { + if (SSL_CTX_use_certificate_chain_file(ctx, certif) != 1) { aflog(LOG_T_INIT, LOG_I_CRIT, "Setting certificate failed (%s)... exiting", certif); exit(1); |