From 86a2c33628b1cc00beff610d7b405e52166f294c Mon Sep 17 00:00:00 2001
From: Joshua Judson Rosen
Date: Thu, 17 Jul 2014 14:39:55 -0400
Subject: afclient: support loading complete cert-chains from cerfile.

This makes x.509 certification more usable/maintainable,
because the intermediate CA keys don't all need to be
maintained on the server (the certification tools just need
to concatenate the CA chain onto the APF-client certificates
as part of the certification-process).
---
 src/afclient.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/afclient.c b/src/afclient.c
index fbafcc1..5a823eb 100644
--- a/src/afclient.c
+++ b/src/afclient.c
@@ -708,7 +708,7 @@ main(int argc, char **argv)
 
     certif = ClientConfiguration_get_certificateFile(cconfig);
     if (certif) {
-      if (SSL_CTX_use_certificate_file(ctx, certif, SSL_FILETYPE_PEM) != 1) {
+      if (SSL_CTX_use_certificate_chain_file(ctx, certif) != 1) {
         aflog(LOG_T_INIT, LOG_I_CRIT,
             "Setting certificate failed (%s)... exiting", certif);
         exit(1);
-- 
cgit v1.1