tcptls.c: Made TLS handle a certificate chain file.
authorRichard Mudgett <rmudgett@digium.com>
Tue, 4 Feb 2014 17:50:04 +0000 (17:50 +0000)
committerRichard Mudgett <rmudgett@digium.com>
Tue, 4 Feb 2014 17:50:04 +0000 (17:50 +0000)
Thanks to Guillaume Martres for doing the necessary research to validate
the change.

(closes issue ASTERISK-17727)
Reported by: LN
Patches:
      use_certificate_chain.patch (license #5864) patch uploaded by st
      documente_certificate_chain.patch (license #6576) patch uploaded by Guillaume Martres

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@407272 65c4cc65-6c06-0410-ace0-fbb531ad65f3

configs/sip.conf.sample
main/tcptls.c

index e977e234fc4cdc7a49e01c98c4b25b265835bab6..cd12029bdc561f2325724578e8f8a533d53784ea 100644 (file)
@@ -474,8 +474,10 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
                       ; Set to yes add Reason header and use Reason header if it is available.
 ;
 ;------------------------ TLS settings ------------------------------------------------------------
-;tlscertfile=</path/to/certificate.pem> ; Certificate file (*.pem format only) to use for TLS connections
-                                        ; default is to look for "asterisk.pem" in current directory
+;tlscertfile=</path/to/certificate.pem> ; Certificate chain (*.pem format only) to use for TLS connections
+                                        ; The certificates must be sorted starting with the subject's certificate
+                                        ; and followed by intermediate CA certificates if applicable.
+                                        ; Default is to look for "asterisk.pem" in current directory
 
 ;tlsprivatekey=</path/to/private.pem> ; Private key file (*.pem format only) for TLS connections.
                                       ; If no tlsprivatekey is specified, tlscertfile is searched for
index e6feec8133665a1beaea932c46b5c556b412e264..47041fea860bfbd6540fcb8d7750c7e3f4703b71 100644 (file)
@@ -384,7 +384,7 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
 
        if (!ast_strlen_zero(cfg->certfile)) {
                char *tmpprivate = ast_strlen_zero(cfg->pvtfile) ? cfg->certfile : cfg->pvtfile;
-               if (SSL_CTX_use_certificate_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0) {
+               if (SSL_CTX_use_certificate_chain_file(cfg->ssl_ctx, cfg->certfile) == 0) {
                        if (!client) {
                                /* Clients don't need a certificate, but if its setup we can use it */
                                ast_verb(0, "SSL error loading cert file. <%s>", cfg->certfile);
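Review bot: The failure branch on the last line of the hunk still reports only the file name, so the most likely failure of the new chain loader — a PEM whose subject certificate is not first, or whose later entries are not X.509 certificates — leaves the administrator with no indication of why OpenSSL rejected it; `SSL_CTX_use_certificate_chain_file()` records the reason on the OpenSSL error queue, and nothing visible here drains it. I would change the message to `ast_verb(0, "SSL error loading cert chain file <%s>: %s", cfg->certfile, ERR_error_string(ERR_get_error(), NULL));` (adding `#include <openssl/err.h>` if tcptls.c does not already have it). Consuming the queue here also prevents a stale entry from being misattributed to a later, unrelated SSL call. `__ssl_setup()` begins before the hunk and continues past it, so I cannot see whether the key loaded via `tmpprivate` is verified against the chain's leaf with `SSL_CTX_check_private_key()`; if it is not, that check belongs immediately after the key load.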