Loading entire certificate chain from file into ssl context instead i…

…nstead of only the first one. This enables a client to retrieve a full certificate chain during a tls handshake. relates to HorizenOfficial#96
asbachb · Jul 26, 2018 · 5bead7c · 5bead7c
1 parent 63e1f4c
commit 5bead7c
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/zen/tlsmanager.cpp b/src/zen/tlsmanager.cpp
@@ -180,7 +180,7 @@ SSL_CTX* TLSManager::initCtx(
 
         SSL_CTX_set_verify(tlsCtx, SSL_VERIFY_PEER, tlsCertVerificationCallback);
 
-        if (SSL_CTX_use_certificate_file(tlsCtx, certificateFile.string().c_str(), SSL_FILETYPE_PEM) > 0) {
+        if (SSL_CTX_use_certificate_chain_file(tlsCtx, certificateFile.string().c_str()) > 0) {
             if (SSL_CTX_use_PrivateKey_file(tlsCtx, privateKeyFile.string().c_str(), SSL_FILETYPE_PEM) > 0) {
                 if (SSL_CTX_check_private_key(tlsCtx))
                     bInitialized = true;
@@ -481,4 +481,4 @@ bool TLSManager::initialize()
 
     return bInitializationStatus;
 }
-}
+}