OpenSSL: Use connection certificate chain with PKCS#12 extra certs
author Jouni Malinen <j@w1.fi>
Mon, 10 Aug 2015 22:02:27 +0000 (01:02 +0300)
committer Jouni Malinen <j@w1.fi>
Mon, 10 Aug 2015 22:27:03 +0000 (01:27 +0300)
commit de2a7b796d82d92120aa9532450863f503e1885a
tree 08f65b850a57b0d11b9fda2c2b1353268ea2d6e9
parent 0d2c0e67769639924ad2d2e37f7c7d7bee46188b
OpenSSL: Use connection certificate chain with PKCS#12 extra certs

When using OpenSSL 1.0.2 or newer, this replaces the older
SSL_CTX_add_extra_chain_cert() design with SSL_add1_chain_cert() to keep
the extra chain certificates out from SSL_CTX and specific to each
connection. In addition, build and rearrange extra certificates with
SSL_build_cert_chain() to avoid incorrect certificates and incorrect
order of certificates in the TLS handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/crypto/tls_openssl.c
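
Added example, not part of this commit and not hostap or OpenSSL code: a simplified model of what "build and rearrange extra certificates" means for the chain sent in the handshake. The `struct cert` type, `find_issuer()`, `build_chain()` and the sample names are hypothetical, and matching is by subject/issuer name only, with no signature checks.

```c
/* Added illustration, not hostap or OpenSSL code; names only, no signature checks. */
#include <stdio.h>
#include <string.h>
struct cert { const char *subject, *issuer; }; /* constructed stand-in */

/* Return the pool entry whose subject equals the wanted issuer name. */
static const struct cert *find_issuer(const struct cert *pool, size_t n,
                                      const char *issuer)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(pool[i].subject, issuer) == 0)
            return &pool[i];
    return NULL;
}

/* Walk from the leaf towards the root and fill out[] in handshake order
 * (leaf first). Pool entries off that path are never copied. Returns the
 * chain length, or 0 when out[] overflows (too long, or an issuer loop). */
size_t build_chain(const struct cert *leaf, const struct cert *pool,
                   size_t n, const struct cert **out, size_t max)
{
    size_t len = 0;
    for (const struct cert *cur = leaf; cur != NULL;
         cur = find_issuer(pool, n, cur->issuer)) {
        if (len == max)
            return 0;
        out[len++] = cur;
        if (strcmp(cur->subject, cur->issuer) == 0)
            break; /* self-signed: the chain ends here */
    }
    return len;
}

/* Constructed sample: extra certs in the wrong order, one unrelated. */
static const struct cert sample_leaf = { "client", "Intermediate CA 2" };
static const struct cert sample_extra[] = {
    { "Root CA", "Root CA" },
    { "Unrelated CA", "Other Root" },
    { "Intermediate CA 1", "Root CA" },
    { "Intermediate CA 2", "Intermediate CA 1" },
};

int main(void)
{
    const struct cert *chain[8];
    size_t n = build_chain(&sample_leaf, sample_extra, 4, chain, 8);
    for (size_t i = 0; i < n; i++)
        printf("%zu: %s\n", i, chain[i]->subject);
    return 0;
}
```

Sending the extra certificates as stored would put "Root CA" first and include "Unrelated CA"; the rebuilt chain carries only the path from the leaf, in issuer order.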