Load the certificate chain rather than just the first certlinuxnet-8.1.20

As we are using LE certificates, we need to load the certificate chain rather than just the first certificate from the file.
author: Russell King <rmk+kernel@armlinux.org.uk> 2021-02-10 19:02:21 +0000
committer: Russell King <rmk+kernel@armlinux.org.uk> 2021-02-10 19:02:21 +0000
commit: c58bf409a7a927997ec4ca0d1359eb5502db606c (patch)
tree: 698c3b283c635a779e043cd5815307bce8ace6ce /src/conf_parser.y
parent: acce29d3e08a763f17aee28dda0b79130a312845 (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/src/conf_parser.y b/src/conf_parser.y
index 823f96a..c82f6d9 100644
--- a/src/conf_parser.y
+++ b/src/conf_parser.y
@@ -535,10 +535,8 @@ serverinfo_ssl_certificate_file: SSL_CERTIFICATE_FILE '=' QSTRING ';'
       break;
     }
 
-    if (SSL_CTX_use_certificate_file(ServerInfo.server_ctx, yylval.string,
-                                     SSL_FILETYPE_PEM) <= 0 ||
-        SSL_CTX_use_certificate_file(ServerInfo.client_ctx, yylval.string,
-                                     SSL_FILETYPE_PEM) <= 0)
+    if (SSL_CTX_use_certificate_chain_file(ServerInfo.server_ctx, yylval.string) <= 0 ||
+        SSL_CTX_use_certificate_chain_file(ServerInfo.client_ctx, yylval.string) <= 0)
     {
       report_crypto_errors();
       conf_error_report("Could not open/read certificate file");
author	Russell King <rmk+kernel@armlinux.org.uk>	2021-02-10 19:02:21 +0000
committer	Russell King <rmk+kernel@armlinux.org.uk>	2021-02-10 19:02:21 +0000
commit	c58bf409a7a927997ec4ca0d1359eb5502db606c (patch)
tree	698c3b283c635a779e043cd5815307bce8ace6ce /src/conf_parser.y
parent	acce29d3e08a763f17aee28dda0b79130a312845 (diff)