OpenSSL: Read certificate chain from server_cert file
authorMaciej Szmigiero <mhej@o2.pl>
Sat, 19 Nov 2011 10:06:59 +0000 (12:06 +0200)
committerJouni Malinen <j@w1.fi>
Sat, 19 Nov 2011 10:06:59 +0000 (12:06 +0200)
Currently, the OpenSSL implementation of TLS in hostapd loads only the top
certificate in the server certificate file. Change this to try to load the
whole chain first and, only if that fails, revert to the old behavior.

Signed-off-by: Maciej Szmigiero <mhej@o2.pl>
src/crypto/tls_openssl.c

index 6380ce007275e25ef01a5b1aa4cb0a1de2adb1b8..837409669f0565176a3d1fb895f283e3bbccae82 100644 (file)
@@ -1663,6 +1663,7 @@ static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert)
 
        if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
                                         SSL_FILETYPE_ASN1) != 1 &&
+           SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 &&
            SSL_CTX_use_certificate_file(ssl_ctx, client_cert,
                                         SSL_FILETYPE_PEM) != 1) {
                tls_show_errors(MSG_INFO, __func__,
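Review bot: The fallback from `SSL_CTX_use_certificate_chain_file()` to the PEM `SSL_CTX_use_certificate_file()` call inside this `&&` condition is silent, so a file whose first certificate parses but whose intermediates do not ends up configured leaf-only with nothing in the log. Peers that do not already hold the intermediates would then presumably fail chain validation, with no hint on this side as to why. Taking the chain attempt out of the combined condition and logging its failure, e.g. `wpa_printf(MSG_DEBUG, "OpenSSL: chain load failed, using first certificate only");`, would make the downgrade visible to the operator. Unless it is already done outside the hunk, an `ERR_clear_error();` on the success path would also keep the queue entries left by the failed attempts from surfacing in an unrelated later `tls_show_errors()` call. The body of `tls_global_client_cert` starts and ends outside this hunk.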