This repository has been archived by the owner on Jun 30, 2021. It is now read-only.

Use SSL_CTX_use_certificate_chain_file instead of SSL_CTX_use_certificate_file in evhtp_ssl_init #26

Closed
mannol opened this issue Aug 3, 2017 · 1 comment

Comments


mannol commented Aug 3, 2017

Currently, libevhtp is using SSL_CTX_use_certificate_file to load a certificate file. That function lacks the ability to load the pinned certificate chain (if any) which has a consequence of connecting clients not trusting the received certificate. By using SSL_CTX_use_certificate_chain_file we give the libssl the ability to read and send the entire certificate chain (if any), which clients can check against.
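A preflight check for the situation described in this issue, as an added example that is not part of the issue or of libevhtp: it counts the certificates in a PEM bundle and reports how many follow the first one, which `SSL_CTX_use_certificate_file` (first certificate only) would not load and `SSL_CTX_use_certificate_chain_file` would. The function names and the sample bundle are assumptions made for illustration.

```c
/* Added example, not libevhtp code. Helper names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Count complete CERTIFICATE blocks in a PEM buffer.
 * Other block types (e.g. PRIVATE KEY) are skipped.
 * Returns -1 if a certificate block has no END marker. */
int pem_count_certs(const char *pem)
{
    int n = 0;
    const char *p = pem;

    while ((p = strstr(p, PEM_BEGIN)) != NULL) {
        const char *end = strstr(p + strlen(PEM_BEGIN), PEM_END);
        if (end == NULL)
            return -1;              /* truncated bundle */
        n++;
        p = end + strlen(PEM_END);
    }
    return n;
}

/* Certificates a first-certificate-only loader would never send:
 * everything after the leaf. Returns -1 on a malformed bundle. */
int certs_not_sent_by_single_loader(const char *pem)
{
    int n = pem_count_certs(pem);
    if (n < 0)
        return -1;
    return n > 1 ? n - 1 : 0;
}

/* Constructed sample: leaf + one intermediate; bodies are placeholders. */
static const char SAMPLE_BUNDLE[] =
    "-----BEGIN CERTIFICATE-----\nPLACEHOLDERLEAF\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nPLACEHOLDERINTERMEDIATE\n-----END CERTIFICATE-----\n";

int main(void)
{
    printf("certificates in bundle: %d\n", pem_count_certs(SAMPLE_BUNDLE));
    printf("left unsent by a first-certificate-only load: %d\n",
           certs_not_sent_by_single_loader(SAMPLE_BUNDLE));
    return 0;
}
```

A non-zero result from `certs_not_sent_by_single_loader` on a server's certificate file means the file carries intermediates that only the chain loader will present to clients.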

NathanFrench added a commit that referenced this issue Dec 6, 2017
(reference #26)

Via @mannol

```
Currently, libevhtp is using SSL_CTX_use_certificate_file to load a
certificate file. That function lacks the ability to load the pinned
certificate chain (if any) which has a consequence of connecting clients
not trusting the received certificate. By using
SSL_CTX_use_certificate_chain_file we give the libssl the ability to
read and send the entire certificate chain (if any), which clients can
check against.
```
@NathanFrench
Collaborator

Awesome; thank you very much!
