| side by side (parent:
0b35617
)
Update comment and always add extra certificate to the chain for PolarSSL
author
fatbob313
<martin@fatbob.nu>
Fri, 5 Nov 2010 14:08:41 +0000
(14:08 +0000)
committer
fatbob313
<martin@fatbob.nu>
Fri, 5 Nov 2010 14:08:41 +0000
(14:08 +0000)
src/ssl.c
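diff --git a/src/ssl.c b/src/ssl.c
index 8472c408e01a1f39928e19e872862cc3fc21b9b1..4224c1de08f152d93922dc4eda09c8b03480f98e 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -137,14 +137,17 @@ static void initCert()
 rc = x509parse_crtfile(&certificate, ca_file);
 if (rc != 0) { /* No CA certifiacte found. Assume self-signed. */
 Log_info("CA certificate file %s not found. Assuming self-signed certificate.", ca_file);
- /*
- * Apparently PolarSSL needs to read something more into certificate chain.
- * Doesn't seem to matter what. Read own certificate again.
- */
- rc = x509parse_crtfile(&certificate, crtfile);
- if (rc != 0)
- Log_fatal("Could not read certificate file %s", crtfile);
 }
+
+ /*
+ * PolarSSL 0.11 - 0.12,1 has a bug; it ignores the last certificate in the chain.
+ * Read the certificate again so that it gets last in chain. Later releases like 0.14.0 works
+ * fine with the extra certificate, so I don't see any harm in doing so.
+ */
+ rc = x509parse_crtfile(&certificate, crtfile);
+ if (rc != 0)
+ Log_fatal("Could not read certificate file %s", crtfile);
+
 free(ca_file);
 }
@@ -161,7 +164,7 @@ static void initKey()
 }
 #define DEBUG_LEVEL 0
-static void pssl_debug(void *ctx, int level, char *str)
+static void pssl_debug(void *ctx, int level, const char *str)
 {
 if (level <= DEBUG_LEVEL)
 Log_debug("PolarSSL [level %d]: %s", level, str);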
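Review bot: The second `x509parse_crtfile(&certificate, crtfile)` added in the initCert hunk now runs whenever this block is reached, so on PolarSSL releases without the 0.11–0.12.1 bug the server's own certificate presumably ends up in the presented chain twice, after the CA certificate when one was loaded. The only justification is the comment's "I don't see any harm", so the comment should say which clients and library versions the duplicated chain was checked against, and the re-read should be limited to affected library versions if the headers offer a way to tell them apart. The comment also has a version typo; the first line should read `PolarSSL 0.11 - 0.12.1 has a bug; it ignores the last certificate in the chain.` The `if (rc != 0)` before `Log_fatal` would be safer braced. The enclosing block opens above the hunk, so the "always" in the commit title cannot be confirmed from these lines.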