OpenSSL: Load chain certificates from client_cert file
authorIsaac Boukris <iboukris@gmail.com>
Sun, 21 Jan 2018 01:36:44 +0000 (01:36 +0000)
committerJouni Malinen <j@w1.fi>
Tue, 1 Jan 2019 22:43:26 +0000 (00:43 +0200)
This helps the server to build the chain to trusted CA when PEM encoding
of client_cert is used with multiple listed certificates. This was
already done for the server certificate configuration, but the client
certificate was limited to using only the first certificate in the file.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
src/crypto/tls_openssl.c

index d41f68a0020f1fd794b04ec106598898c3cf3372..69c0c400591ae82729a1b216d667e7726b1b2cb1 100644 (file)
@@ -2757,10 +2757,9 @@ static int tls_connection_client_cert(struct tls_connection *conn,
                return 0;
        }
 
-       if (SSL_use_certificate_file(conn->ssl, client_cert,
-                                    SSL_FILETYPE_PEM) == 1) {
+       if (SSL_use_certificate_chain_file(conn->ssl, client_cert) == 1) {
                ERR_clear_error();
-               wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
+               wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_chain_file"
                           " --> OK");
                return 0;
        }
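Review bot: The new call on the `+` line is unconditional, but `SSL_use_certificate_chain_file()` only exists from OpenSSL 1.1.0 on (older releases have just the `SSL_CTX_` variant), so the build breaks if this file is still compiled against 1.0.x or a fork that lacks the function. I would keep the old `SSL_use_certificate_file(..., SSL_FILETYPE_PEM)` path as a fallback behind a version guard, as sketched below; the exact condition for LibreSSL and BoringSSL should be confirmed against the versions the project targets. Separately, every certificate listed after the first in client_cert is now sent to the server in the handshake, which deserves a sentence in the client_cert configuration documentation so operators do not leave unrelated certificates in that file. The body of tls_connection_client_cert() starts and ends outside this hunk.

```c
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
	!defined(LIBRESSL_VERSION_NUMBER) && \
	!defined(OPENSSL_IS_BORINGSSL)
	if (SSL_use_certificate_chain_file(conn->ssl, client_cert) == 1) {
		/* … unchanged: ERR_clear_error(), debug print, return 0 … */
	}
#else
	/* Older libraries: only the first certificate in the file is used */
	if (SSL_use_certificate_file(conn->ssl, client_cert,
				     SSL_FILETYPE_PEM) == 1) {
		ERR_clear_error();
		wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
			   " --> OK");
		return 0;
	}
#endif
```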