From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Mon, 5 Sep 2022 13:20:03 +0000 (-0400)
Subject: The OpenSSL code path wasn't loading the full certificate chain (Issue #465)
X-Git-Tag: v2.4.3~141
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cd84d7fde692237af4996d4a0e985a3eb4a293f0;p=thirdparty%2Fcups.git

The OpenSSL code path wasn't loading the full certificate chain (Issue #465)
---

diff --git a/CHANGES.md b/CHANGES.md
index f96677675a..81aef4e680 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -12,6 +12,7 @@ Changes in CUPS v2.4.3 (TBA)
   hostname (Issue #419)
 - Fixed an OpenSSL crash bug (Issue #409)
 - Fixed a potential SNMP OID value overflow issue (Issue #431)
+- Fixed an OpenSSL certificate loading issue (Issue #465)
 - Look for default printer on network if needed (Issue ##452)
 - Now localize HTTP responses using the Content-Language value (Issue #426)
 - Raised file size limit for importing PPD via Web UI (Issue #433)
diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c
index ceb3abaedc..acc10fc420 100644
--- a/cups/tls-openssl.c
+++ b/cups/tls-openssl.c
@@ -1055,7 +1055,7 @@ _httpTLSStart(http_t *http)		// I - Connection to server
     }
 
     SSL_CTX_use_PrivateKey_file(context, keyfile, SSL_FILETYPE_PEM);
-    SSL_CTX_use_certificate_file(context, crtfile, SSL_FILETYPE_PEM);
+    SSL_CTX_use_certificate_chain_file(context, crtfile);
   }
 
   // Set TLS options...