lib-ssl-iostream: Fix alt cert support
authorAki Tuomi <aki.tuomi@dovecot.fi>
Fri, 3 Nov 2017 15:28:57 +0000 (17:28 +0200)
committerAki Tuomi <aki.tuomi@dovecot.fi>
Fri, 3 Nov 2017 15:30:32 +0000 (17:30 +0200)
It was only partially implemented in 0577701d04beea222fc49a7318851ddcea3b99d3

src/lib-ssl-iostream/iostream-openssl-context.c

index ef8c70615f20b30bdf982c36a530a9cf8e67843e..17a995ab44b90984184467c041f134e02236ba49 100644 (file)
@@ -392,6 +392,16 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx,
                if (ssl_iostream_ctx_use_key(ctx, &set->cert, error_r) < 0)
                        return -1;
        }
+       if (set->alt_cert.cert != NULL &&
+           ssl_ctx_use_certificate_chain(ctx->ssl_ctx, set->alt_cert.cert) == 0) {
+               *error_r = t_strdup_printf("Can't load alternative SSL certificate: %s",
+                       openssl_iostream_use_certificate_error(set->alt_cert.cert, NULL));
+               return -1;
+       }
+       if (set->alt_cert.key != NULL) {
+               if (ssl_iostream_ctx_use_key(ctx, &set->alt_cert, error_r) < 0)
+                       return -1;
+       }
 
        if (set->dh != NULL) {
                if (ssl_iostream_ctx_use_dh(ctx, set, error_r) < 0)
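Review bot: The added blocks load `set->alt_cert.cert` and `set->alt_cert.key` independently, so a configuration that supplies only one of the two is accepted without an error unless it is validated somewhere outside this hunk. With a certificate but no key, the alternative chain is installed without a usable private key and nothing visible here reports that it cannot be served, so a deployment could end up offering only the primary certificate without anyone noticing. I would reject the half-configured case before either load, with a guard such as `if ((set->alt_cert.cert != NULL) != (set->alt_cert.key != NULL))` that sets `*error_r` and returns -1, so the problem surfaces when the context is set up. Whether `ssl_iostream_ctx_use_key()` checks that the key matches the certificate just loaded is not visible here and is worth confirming. `ssl_iostream_context_set()` begins and ends outside the hunk.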