From: Maciej Szmigiero Date: Sat, 19 Nov 2011 10:06:59 +0000 (+0200) Subject: OpenSSL: Read certificate chain from server_cert file X-Git-Tag: aosp-jb-start~299 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65897747469537db3ef316174ab082f3aeae5cbd;p=thirdparty%2Fhostap.git OpenSSL: Read certificate chain from server_cert file Currently OpenSSL implementation of TLS in hostapd loads only top certificate in server certificate file. Change this to try to the whole chain first and only if that fails, revert to old behavior. Signed-off-by: Maciej Szmigiero --- diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index 6380ce007..837409669 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -1663,6 +1663,7 @@ static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert) if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert, SSL_FILETYPE_ASN1) != 1 && + SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert) != 1 && SSL_CTX_use_certificate_file(ssl_ctx, client_cert, SSL_FILETYPE_PEM) != 1) { tls_show_errors(MSG_INFO, __func__,
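Review bot: In the `&&` condition of tls_global_client_cert(), a failure of the new `SSL_CTX_use_certificate_chain_file(ssl_ctx, client_cert)` call falls through silently to the single-certificate PEM load. If the chain load fails for any reason and the fallback then succeeds, the server comes up presenting only the top certificate, with nothing in the log to say the intermediates were dropped. Peers that do not already hold the intermediate CAs will then fail validation, which is hard to trace back to this file. Consider splitting the condition so that a chain-load failure followed by a successful PEM fallback emits a debug message. Two smaller points: the ASN.1 attempt still runs before the chain attempt, so the commit message's "try the whole chain first" holds only for PEM input. Also, since SSL_CTX_use_certificate_chain_file() reads PEM only and expects the subject certificate first, followed by the intermediates, the server_cert documentation should state that ordering and format.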