[glib-networking/wip/openssl] Create the full certificate chain
- From: Ignacio Casal Quinteiro <icq src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/wip/openssl] Create the full certificate chain
- Date: Wed, 2 Sep 2015 05:42:11 +0000 (UTC)
commit 333d81b2987385219c766ad78c11862897381dd5
Author: Ignacio Casal Quinteiro <icq gnome org>
Date: Wed Sep 2 07:41:53 2015 +0200
Create the full certificate chain
tls/openssl/gtlsserverconnection-openssl.c | 15 +++++++++++++++
1 files changed, 15 insertions(+), 0 deletions(-)
---
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index a55f46e..12d0dbc 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -249,6 +249,7 @@ g_tls_server_connection_openssl_initable_init (GInitable *initable,
{
EVP_PKEY *key;
X509 *x;
+ GTlsCertificate *issuer;
key = g_tls_certificate_openssl_get_key (G_TLS_CERTIFICATE_OPENSSL (cert));
@@ -275,6 +276,20 @@ g_tls_server_connection_openssl_initable_init (GInitable *initable,
ERR_error_string (ERR_get_error (), NULL));
return FALSE;
}
+
+ /* Add all the issuers to create the full certificate chain */
+ for (issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (cert));
+ issuer != NULL;
+ issuer = g_tls_certificate_get_issuer (issuer))
+ {
+ X509 *issuer_x;
+
+ /* Be careful here and duplicate the certificate since the context
+ * will take the ownership
+ */
+ issuer_x = X509_dup (g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (issuer)));
+ SSL_CTX_add_extra_chain_cert (priv->ssl_ctx, issuer_x);
+ }
}
SSL_CTX_add_session (priv->ssl_ctx, priv->session);
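Review bot: Neither `X509_dup ()` nor `SSL_CTX_add_extra_chain_cert ()` is checked in the added issuer loop, so a failed duplication or a failed add goes unnoticed. The context takes ownership of `issuer_x` only when the add succeeds, so a failure leaks the duplicate, and the server would continue with an incomplete chain that clients may then fail to validate. The block just above the loop already returns FALSE with the OpenSSL error string, and the loop should fail the same way. The sketch below assumes the function's `GError **error` parameter is in scope and uses a constructed message string; the body of `g_tls_server_connection_openssl_initable_init` starts and ends outside this hunk.

```c
/* … unchanged: for loop header walking g_tls_certificate_get_issuer () … */
      issuer_x = X509_dup (g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (issuer)));
      if (issuer_x == NULL ||
          !SSL_CTX_add_extra_chain_cert (priv->ssl_ctx, issuer_x))
        {
          /* Ownership moves to the context only on success; X509_free (NULL) is a no-op */
          X509_free (issuer_x);
          g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
                       "Could not add issuer certificate to chain: %s",
                       ERR_error_string (ERR_get_error (), NULL));
          return FALSE;
        }
```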